FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-1178

This CVE name corresponds to:

Entered Topic
2012-04-01 libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2012-1178 at cve.mitre.org

Details

Type Candidate
Name CVE-2012-1178
Phase Assigned(20120214)

Description

The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.

References

Source Reference
CONFIRM http://developer.pidgin.im/ticket/14884
CONFIRM http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c
CONFIRM http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd
CONFIRM http://pidgin.im/news/security/?id=61
REDHAT RHSA-2012:1102
OVAL oval:org.mitre.oval:def:18019
SECUNIA 50005

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.