Specially crafted text can crash Pidgin if Window is not Maximized

Luke R. gaming4jc2 at yahoo.com
Wed Jun 1 16:57:30 EDT 2011


Hello,
Per #pidgin in IRC-Freenode's advice, they thought I should share this with you. If a specially crafted URL is pasted into Pidgin on x64 Win7 and the window is not maximized, it will cause a crash. (Perhaps other elements would then be exploitable too, but I'm not sure.) This also does not appear to affect Linux. Attached is a video demonstrating the predicament.

The only thing in logs when this occurs is:
(16:44:27) prefs: /pidgin/blist/list_visible changed, scheduling save.
(16:44:29) util: Writing file prefs.xml to directory C:\Users\USERNAME\AppData\Roaming\.purple
(16:44:29) util: Writing file C:\Users\USERNAME\AppData\Roaming\.purple\prefs.xml
(16:44:31) util: Writing file accounts.xml to directory C:\Users\USERNAME\AppData\Roaming\.purple
(16:44:31) util: Writing file C:\Users\USERNAME\AppData\Roaming\.purple\accounts.xml

Nothing overly significant I can see. For anyone wishing to further test it:
USK at nwa8lHa271k2QvJ8aa0Ov7IHAV-DFOCFgmDt3X6BpCI,DuQSUZiI~agF8c-6tjsFFGuZ8eICrzWCILB60nT8KKo,AQACAAE/

The URL is relevant to many other "Freenet" (Freenetproject.org) URIs.
I wasn't sure it was wise to file a bug report should this in fact lead to exploitation.

Thanks,
Luke

-------------- next part --------------
A non-text attachment was scrubbed...
Name: TEST.zip
Type: application/x-zip-compressed
Size: 1948219 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20110601/7e086dcf/attachment-0001.bin>

