CVE-2007-4999

Published: 29 October 2007

libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.

Priority

Status

Package	Release	Status
pidgin Launchpad, Ubuntu, Debian	dapper	Does not exist
	edgy	Does not exist
	feisty	Does not exist
	gutsy	Released (1:2.2.1-1ubuntu4.1)
	upstream	Released (2.2.2)

References

https://ubuntu.com/security/notices/USN-548-1
https://www.cve.org/CVERecord?id=CVE-2007-4999
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/bugs/157347
https://bugs.launchpad.net/bugs/158400

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›