Possible libpurple vulnerability in multiple prpls
Josh Bressers
bressers at redhat.com
Sat Aug 15 06:59:05 EDT 2009
----- "Elliott Sales de Andrade" <qulogic at pidgin.im> wrote:
> Hi there,
>
> I think I have a potentially exploitable crash here, and I'm trying to
> determine whether it's going to be requiring a CVE ID. I'm holding off
> on applying the fix until this is determined. The exploit requires the
> user to accept a file transfer and then crashes because of passing
> NULL to g_filename_to_utf8.
>
Without looking at code, this sounds like a crash-only bug. What does
g_filename_to_utf8 do with the NULL that suggests arbitrary code execution?
If it's only a crash, getting a CVE id is up to upstream. If you want to call
it a security fix, then it gets one, otherwise not. As a user has to accept
the file, I'd lean toward no.
Thanks.
--
JB