Description Huzaifa S. Sidhpurwala
2014-01-24 09:03:53 UTC
A heap-based buffer overflow was found in SIMPLE protocol header parsing. A malicious server could provide a Content-Length header of '-1' which could lead to a buffer overflow. This could cause pidgin to crash or possibly execute arbitrary code with the permissions of the user running pidgin.
Acknowledgements:
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Yves Younan of Sourcefire VRT as the original reporter of this issue.
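An added example, not code from Pidgin or from this report: a defensive Content-Length parser in C that rejects '-1' and other malformed values before the length is used for allocation or copying. The function name, its return codes and the MAX_BODY_LEN cap are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical cap on an accepted message body; not a value from Pidgin. */
#define MAX_BODY_LEN (1u << 20)

/*
 * Validate a Content-Length header value received from the server.
 *   value:     NUL-terminated header value, e.g. "120" or "-1"
 *   available: body bytes already present in the receive buffer
 *   out:       receives the validated length when 0 is returned
 * Returns 0 if the body is complete and the length is safe to use,
 *         1 if the value is valid but more data must be read first,
 *        -1 if the value is malformed and the message must be dropped.
 */
int parse_content_length(const char *value, size_t available, size_t *out)
{
    char *end;
    unsigned long n;

    if (value == NULL || out == NULL)
        return -1;
    while (*value == ' ' || *value == '\t')
        value++;
    /* strtoul() accepts a leading sign and wraps "-1" to ULONG_MAX,
     * so insist that the first character is a digit. */
    if (!isdigit((unsigned char)*value))
        return -1;

    errno = 0;
    n = strtoul(value, &end, 10);
    if (errno == ERANGE)
        return -1;
    while (*end == ' ' || *end == '\t')
        end++;
    if (*end != '\0')
        return -1;              /* trailing garbage such as "12abc" */
    if (n > MAX_BODY_LEN)
        return -1;              /* keeps later "n + 1" size arithmetic safe */
    if (n > available)
        return 1;               /* never copy more than was received */

    *out = (size_t)n;
    return 0;
}
```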
Comment 1 Huzaifa S. Sidhpurwala
2014-01-27 06:30:40 UTC