A NULL pointer dereference flaw was found in the way the XMPP protocol plug-in of Pidgin, a Gtk+ based multiprotocol instant messaging client, performed a change of user name for a particular buddy. If a remote Pidgin user, present on the buddy list of the victim, changed their Pidgin nickname to a specially-crafted value, it would lead to a Pidgin client crash.

Upstream bug report:
[1] http://developer.pidgin.im/ticket/14392

Upstream patch:
[2] http://developer.pidgin.im/viewmtn/revision/info/d1d77da56217f3a083e1d459bef054db9f1d5699

Upstream security page entry:
[3] http://pidgin.im/news/security/?id=60

CVE request:
[4] http://www.openwall.com/lists/oss-security/2012/03/14/2
Created pidgin tracking bugs for this issue.

Affects: fedora-all [bug 803299]
This was assigned the name CVE-2011-4939: http://www.openwall.com/lists/oss-security/2012/03/14/7
Statement: Not Vulnerable. This issue does not affect the version of pidgin as shipped with Red Hat Enterprise Linux 5 and 6.