Specially crafted text can crash Pidgin if Window is not Maximized

Mark Doliner mark at kingant.net
Thu Jun 16 05:10:19 EDT 2011


On Wed, Jun 1, 2011 at 1:57 PM, Luke R. <gaming4jc2 at yahoo.com> wrote:
> If a specially crafted url is pasted into Pidgin on x64 Win7 and the window is
> not maximized, it will cause a crash. (Perhaps other elements would then be
> exploitable too, but I'm not sure.) This also does not appear to affect Linux.
> Attached is a video demonstrating the predicament.

*snip*

> Nothing overly significant I can see. For anyone wishing to further test it:
> USK at nwa8lHa271k2QvJ8aa0Ov7IHAV-DFOCFgmDt3X6BpCI,DuQSUZiI~agF8c-6tjsFFGuZ8eICrzWCILB60nT8KKo,AQACAAE/

If people are still able to reproduce this we should definitely fix
it, but it only needs to be treated as a security vulnerability if a
remote user is able to cause Pidgin to hang by sending you that
string.  For what it's worth I wasn't able to reproduce this using
Pidgin 2.8.0 on 32bit Windows XP.  Hopefully someone here is either
familiar with this bug or has access to 64bit Windows 7 and can test.

--Mark


More information about the security mailing list