Red Hat Bugzilla – Bug 803298
CVE-2012-1178 pidgin: Client abort in the MSN protocol plug-in by attempt to display certain, not UTF-8 encoded text
Last modified: 2015-11-24 10:05:31 EST
A denial of service flaw was found in the way the MSN protocol plug-in of Pidgin, a Gtk+ based multiprotocol instant messaging client, performed sanitization of certain non-UTF-8 encoded text prior to its presentation. A remote attacker could send specially-crafted non-UTF-8 encoded text (for example via an Offline Instant Message post), which, once processed by the Pidgin client of the victim, would lead to that Pidgin client aborting.
Upstream bug report:
Upstream security page entry:
This issue affects the versions of the pidgin package, as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the versions of the pidgin package, as shipped with Fedora releases 15 and 16. Please schedule an update.
Created pidgin tracking bugs for this issue
Affects: fedora-all [bug 803299]
This was assigned the name CVE-2012-1178:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2012:1102 https://rhn.redhat.com/errata/RHSA-2012-1102.html
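The flaw described at the top of this report is an abort on remote text that is not valid UTF-8 reaching the display path. The following is an added example, not Pidgin's code and not the upstream fix: a strict validator that neutralises malformed bytes before untrusted text is handed to a renderer. The names `utf8_seq_len` and `sanitize_utf8` and the sample message are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Length of the well-formed UTF-8 sequence at s (n >= 1 bytes left), or 0.
 * Rejects overlong forms, UTF-16 surrogates and values above U+10FFFF. */
static size_t utf8_seq_len(const unsigned char *s, size_t n)
{
    unsigned char c = s[0];
    unsigned long cp;
    size_t len, i;

    if (c < 0x80) return 1;
    if (c >= 0xC2 && c <= 0xDF)      { len = 2; cp = c & 0x1F; }
    else if (c >= 0xE0 && c <= 0xEF) { len = 3; cp = c & 0x0F; }
    else if (c >= 0xF0 && c <= 0xF4) { len = 4; cp = c & 0x07; }
    else return 0;          /* stray continuation, 0xC0/0xC1, 0xF5..0xFF */

    if (len > n) return 0;  /* sequence truncated by end of buffer */
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    if ((len == 3 && cp < 0x800) || (len == 4 && cp < 0x10000)) return 0;
    if ((cp >= 0xD800 && cp <= 0xDFFF) || cp > 0x10FFFF) return 0;
    return len;
}

/* Overwrite each byte that is not part of a well-formed sequence with '?'.
 * Length is unchanged; returns the number of bytes replaced (0 = valid). */
size_t sanitize_utf8(char *buf, size_t n)
{
    unsigned char *s = (unsigned char *)buf;
    size_t i = 0, replaced = 0;

    while (i < n) {
        size_t len = utf8_seq_len(s + i, n - i);
        if (len == 0) { s[i++] = '?'; replaced++; }
        else i += len;
    }
    return replaced;
}

int main(void)
{
    char msg[] = "caf\xe9 ok";   /* constructed sample: Latin-1 byte 0xE9 */
    size_t bad = sanitize_utf8(msg, strlen(msg));
    printf("%zu byte(s) replaced: %s\n", bad, msg);
    return 0;
}
```

A non-zero return value is also a useful signal to log, since well-behaved peers should not be sending malformed sequences in a field declared as UTF-8.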