Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 385657

Summary: <net-im/pidgin-2.10.0 libpurple Heap memory corruption using g_markup_escape_text() without sanitizing first (CVE-2011-3594)
Product: Gentoo Security Reporter: Michael Harrison <n0idx80>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://developer.pidgin.im/ticket/14636
Whiteboard:
Package list:
Runtime testing required: ---

Description Michael Harrison 2011-10-04 19:49:06 UTC 
The vulnerability lies in calling g_markup_escape_text() on strings
which have not been verified as valid UTF-8.  This function is not
required to do anything reasonable with invalid UTF-8, and indeed
reads past the end of the string and will eventually segfault for
certain sequences in some versions of Glib 2.  Because the behavior 
of this function is undefined, and depends on the particular version of Glib 2 in use, the complete ramifications of this bug are unknown.  Remote crashing of a libpurple client by untrusted users via specifically crafted SILC messages is a verified vulnerability.

This bug is believed to affect all releases of libpurple up to and including version 2.10.0.
Comment 1 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-10-04 20:09:27 UTC 

*** This bug has been marked as a duplicate of bug 385073 ***