CVE-2011-4602

Published: 16 December 2011

The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.

Priority

Status

Package	Release	Status
pidgin Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Released (1:2.6.6-1ubuntu4.5)
	maverick	Ignored (end of life)
	natty	Released (1:2.7.11-1ubuntu2.2)
	oneiric	Released (1:2.10.0-0ubuntu2.1)
	precise	Not vulnerable (1:2.10.2-1ubuntu1)
	upstream	Needs triage
	Patches: upstream: http://hg.pidgin.im/pidgin/main/rev/15eb0e242206 vendor: https://rhn.redhat.com/errata/RHSA-2011-1821.html

References

http://www.pidgin.im/news/security/?id=58
https://ubuntu.com/security/notices/USN-1500-1
https://www.cve.org/CVERecord?id=CVE-2011-4602
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/958208

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›