CVE-2010-1624

Publication date 14 May 2010

Last updated 24 July 2024

The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pidgin	10.10 maverick	Not affected
	10.04 LTS lucid	Fixed 1:2.6.6-1ubuntu4.1
	9.10 karmic	Fixed 1:2.6.2-1ubuntu7.3
	9.04 jaunty	Ignored
	8.04 LTS hardy	Fixed 1:2.4.1-1ubuntu2.10
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
pidgin	Upstream: http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1014-1
Pidgin vulnerabilities
4 November 2010

Other references

http://pidgin.im/news/security/?id=46
https://www.cve.org/CVERecord?id=CVE-2010-1624