CVE-2013-6489

Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow.

Details Source

Mitre

Public Date

2014-01-28 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-6489 pidgin: Heap-based buffer overflow in MXit emoticon parsing

Bugzilla ID

1057490

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:N/A:P

Acknowledgements

Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Yves Younan and Pawel Janic of Sourcefire VRT as the original reporters of this issue.

External References

http://pidgin.im/news/security/?id=83

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 6 (pidgin) | RHSA-2014:0139 | 2014-02-05
Red Hat Enterprise Linux 5 (pidgin) | RHSA-2014:0139 | 2014-02-05

CWE

CWE-190->CWE-122

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 7 | pidgin | Not affected