FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libpurple -- multiple vulnerabilities

Affected packages
libpurple < 2.10.7


VuXML ID 549787c1-8916-11e2-8549-68b599b52a02
Discovery 2013-02-13
Entry 2013-03-10
Modified 2013-03-16

Pidgin reports:


Fix a crash when receiving UPnP responses with abnormally long values.


Fix two bugs where a remote MXit user could possibly specify a local file path to be written to.

Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution.


Fix a crash in Sametime when a malicious server sends us an abnormally long user ID.


CVE Name CVE-2013-0271
CVE Name CVE-2013-0272
CVE Name CVE-2013-0273
CVE Name CVE-2013-0274