Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 385657 - <net-im/pidgin-2.10.0 libpurple Heap memory corruption using g_markup_escape_text() without sanitizing first (CVE-2011-3594)
Summary: <net-im/pidgin-2.10.0 libpurple Heap memory corruption using g_markup_escape_...
Status: RESOLVED DUPLICATE of bug 385073
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2011-10-04 19:49 UTC by Michael Harrison
Modified: 2011-10-04 20:09 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Michael Harrison 2011-10-04 19:49:06 UTC
The vulnerability lies in calling g_markup_escape_text() on strings
which have not been verified as valid UTF-8.  This function is not
required to do anything reasonable with invalid UTF-8, and indeed
reads past the end of the string and will eventually segfault for
certain sequences in some versions of Glib 2.  Because the behavior 
of this function is undefined, and depends on the particular version of Glib 2 in use, the complete ramifications of this bug are unknown.  Remote crashing of a libpurple client by untrusted users via specifically crafted SILC messages is a verified vulnerability.

This bug is believed to affect all releases of libpurple up to and including version 2.10.0.
Comment 1 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-10-04 20:09:27 UTC

*** This bug has been marked as a duplicate of bug 385073 ***