Remote crash in ICQ

Mark Doliner mark at
Sun Jun 28 19:16:15 EDT 2009

On Sun, Jun 28, 2009 at 4:48 AM, Josh Bressers<bressers at> wrote:
> ----- "John Bailey" <rekkanoryo at> wrote:
>> Warren Togami wrote:
>> > Do we need a CVE number for this?
>> I leave this as an excercise for everyone else to determine.
> Is this just a crash? My understanding is that we end up with a huge malloc,
> which fails or causes the OOM to kick in?
> A crash like this can go both ways. If the default ICQ setting is to let any
> user message you, it's probably an issue, but if it's only people on your
> buddy list, not so much.

I believe it is a remotely triggerable crash.  I believe the default
ICQ setting is to let any user send web messages to you.  I think it
should probably have a CVE number.


More information about the Packagers mailing list