Main Vulnerability Database Vulnerabilities #VU44545

Buffer overflow in libpurple - CVE-2011-3594

Published: November 4, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44545

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-3594

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: pidgin.im

Affected software:
libpurple

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.

How to mitigate CVE-2011-3594

Install update from vendor's website.

Buffer overflow in libpurple - CVE-2011-3594

Detailed vulnerability description

How to mitigate CVE-2011-3594

Sources

Please verify you're human