[3.5] pidgin: Out-of-bounds write when stripping xml (CVE-2017-2640)
An out-of-bounds write vulnerability was found in
purple_markup_unescape_entity. It can be triggered by sending invalid XML
entities separated by whitespace, e.g. “ஸ”. In a default installation, this
can get called only when receiving data from a server.
Fixed In Version:
pidgin 2.12.0
References:
https://pidgin.im/news/security/
Patch:
https://bitbucket.org/pidgin/main/commits/b2fc9e774cb9
(from redmine: issue id 7001, created on 2017-03-13, closed on 2017-05-02)
- Relations:
- parent #6999 (closed)
- Changesets:
- Revision 237ab4df by Sergei Lukin on 2017-04-03T12:38:12Z:
main/pidgin: security fixes #7001
CVE-2017-2640: Out-of-bounds write when stripping xml
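
The class of input named in the description (whitespace inside a numeric XML entity) can be rejected up front by a strict parser. The following is an added example, not Pidgin's code or its patch: `parse_numeric_entity` is a hypothetical helper and the sample strings are constructed. It takes the consumed length from the same scan that validated the digits and bounds the UTF-8 write by the caller's buffer size.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not libpurple's API. Strictly parses one numeric
 * character reference ("&#3000;" or "&#xBB8;") at the start of NUL-terminated
 * `in`. Writes its UTF-8 form to out (capacity cap), stores the input bytes
 * consumed in *used, returns bytes written; 0 (nothing written) on reject. */
size_t parse_numeric_entity(const char *in, char *out, size_t cap, size_t *used)
{
    static const unsigned char lead[] = { 0, 0, 0xC0, 0xE0, 0xF0 };
    unsigned long cp = 0, base = 10;
    size_t i = 2, digits = 0, n, k;
    if (in[0] != '&' || in[1] != '#')
        return 0;
    if (in[i] == 'x' || in[i] == 'X') { base = 16; i++; }
    for (;; i++, digits++) {          /* ends at NUL, whitespace, sign, ... */
        unsigned c = (unsigned char)in[i], d;
        if (c >= '0' && c <= '9') d = c - '0';
        else if (base == 16 && (c | 0x20) >= 'a' && (c | 0x20) <= 'f')
            d = (c | 0x20) - 'a' + 10;
        else break;
        cp = cp * base + d;
        if (cp > 0x10FFFF)            /* outside Unicode; also stops overflow */
            return 0;
    }
    if (digits == 0 || in[i] != ';')  /* whitespace inside the entity fails here */
        return 0;
    if (cp == 0 || (cp >= 0xD800 && cp <= 0xDFFF))
        return 0;                     /* NUL and surrogates are not characters */
    n = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
    if (n > cap)                      /* bound the write by the real capacity */
        return 0;
    for (k = n - 1; k > 0; k--, cp >>= 6)
        out[k] = (char)(0x80 | (cp & 0x3F));
    out[0] = (char)(lead[n] | cp);
    *used = i + 1;                    /* length from the same scan that parsed */
    return n;
}

int main(void)
{
    const char *samples[] = { "&#3000;", "&#xBB8;", "&# 3000;", "&#3000 ;" }; /* constructed */
    char buf[4];
    size_t used = 0, j;
    for (j = 0; j < 4; j++)
        printf("%-10s -> %zu byte(s)\n", samples[j],
               parse_numeric_entity(samples[j], buf, sizeof buf, &used));
    return 0;
}
```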