Specially crafted text can crash Pidgin if Window is not Maximized

Jorge Villaseñor salinasv at gmail.com
Thu Jun 16 10:35:25 EDT 2011


On Thu, Jun 16, 2011 at 4:10 AM, Mark Doliner <mark at kingant.net> wrote:
> On Wed, Jun 1, 2011 at 1:57 PM, Luke R. <gaming4jc2 at yahoo.com> wrote:
>> If a specially crafted url is pasted into Pidgin on x64 Win7 and the window is
>> not maximized, it will cause a crash. (Perhaps other elements would then be
>> exploitable too, but I'm not sure.) This also does not appear to affect Linux.
>> Attached is a video demonstrating the predicament.
>
> *snip*
>
>> Nothing overly significant I can see. For anyone wishing to further test it:
>> USK at nwa8lHa271k2QvJ8aa0Ov7IHAV-DFOCFgmDt3X6BpCI,DuQSUZiI~agF8c-6tjsFFGuZ8eICrzWCILB60nT8KKo,AQACAAE/
>
> If people are still able to reproduce this we should definitely fix
> it, but it only needs to be treated as a security vulnerability if a
> remote user is able to cause Pidgin to hang by sending you that
> string.  For what it's worth I wasn't able to reproduce this using
> Pidgin 2.8.0 on 32bit Windows XP.  Hopefully someone here is either
> familiar with this bug or has access to 64bit Windows 7 and can test.

Hi, I'm using Windows7 64bits and tested with 2.7.11 and I wasn't able
to reproduce the bug.

Luke, do you have a Gtk+ different from the one shipped with pidgin?

-- 
Masca

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?


More information about the security mailing list