FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-1178

This CVE name corresponds to:

Entered Topic
2012-04-01 libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-1178
Phase Assigned(20120214)

Description

The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.

References

Source Reference
CONFIRM http://developer.pidgin.im/ticket/14884
CONFIRM http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c
CONFIRM http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd
CONFIRM http://pidgin.im/news/security/?id=61
OVAL oval:org.mitre.oval:def:18019