Possible libpurple vulnerability in multiple prpls

Josh Bressers bressers at redhat.com
Sat Aug 15 06:59:05 EDT 2009

----- "Elliott Sales de Andrade" <qulogic at pidgin.im> wrote:

> Hi there,
> I think I have a potentially exploitable crash here, and I'm trying to
> determine whether it's going to be requiring a CVE ID. I'm holding off
> on applying the fix until this is determined. The exploit requires the
> user to accept a file transfer and then crashes because of passing
> NULL to g_filename_to_utf8.

Without looking at code, this sounds like a crash only bug. What does
g_filename_to_utf8 do with the NULL that suggests arbitrary code execution?

If it's only a crash, getting a CVE id is up to upstream. If you want to call
it a security fix, then it gets one, otherwise not. As a user has to accept
the file, I'd lean toward no.



More information about the Packagers mailing list