Bugzilla: 743481: CVE-2011-3594 libpurple: invalid UTF-8 string handling in SILC messages
The MITRE CVE dictionary describes this issue as:
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
Not vulnerable. This issue did not affect the version of pidgin as shipped with Red Hat Enterprise Linux 6 as it explicitly disables support for the SILC protocol.
CVSS v2 metrics
Red Hat security errata
| RHEL Desktop Workstation version 5 (pidgin) | RHSA-2011:1371 | October 14, 2011 |
| RHEL Optional Productivity Applications version 5 (pidgin) | RHSA-2011:1371 | October 14, 2011 |
| Red Hat Enterprise Linux version 4 (pidgin) | RHSA-2011:1371 | October 14, 2011 |
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.