Format String Bug into libsilcclient 1.1.2
daniel.atallah at gmail.com
Fri Oct 14 17:20:04 EDT 2011
On Fri, Oct 14, 2011 at 17:01, Ethan Blanton <elb at pidgin.im> wrote:
> Joilson Rabelo spake unto us the following wisdom:
>> Libsilcclient 1.1.2 dll has been vulnerable to format string attacks since 2009
>> and I'd like to know why you guys did not update it?
>> Pidgin 2.10 is obviously vulnerable since it uses 1.1.2, please upgrade to
>> 1.1.3 and the problem is going to be solved, it's a serious bug and can lead
>> to Remote Code Execution.
> I assume you are talking specifically about our Windows package, is
> that true? (We do not bundle libsilc with our sources.)
The Windows Package currently ships with libsilc 1.1.8.
The name of the DLL is still "libsilcclient-1-1-2.dll" due to how the
libsilc build scripts work.