Red Hat Bugzilla – Bug 819446
CVE-2012-2318 pidgin: Improper validation of incoming plaintext messages in MSN protocol plug-in
Last modified: 2015-11-24 10:05:38 EST
An improper input validation flaw was found in the way the MSN protocol plug-in of Pidgin, a Gtk+ based multiprotocol instant messaging client, parsed MSN message payloads containing certain characters. If a remote server provided a specially-crafted MSN notification message, or a remote attacker present on the victim's buddy list provided a specially-crafted MSN offline instant message, it could lead to a crash of the pidgin executable.
Relevant upstream patch:
This issue affects the versions of the pidgin package as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the versions of the pidgin package as shipped with Fedora releases 15 and 16. Please schedule an update.
Created pidgin tracking bugs for this issue
Affects: fedora-all [bug 819454]
The CVE identifier of CVE-2012-2318 has been assigned to this issue:
Upstream v2.10.4 announcement:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2012:1102 https://rhn.redhat.com/errata/RHSA-2012-1102.html