Buffer overflow in MXit image command

Ethan Blanton elb at pidgin.im
Wed May 23 13:54:45 EDT 2012


Hello,

Ulf Härnhammar spake unto us the following wisdom:
> I have found a stack-based buffer overflow in Pidgin (verified in
> versions 2.10.4 and 2.10.3, but other versions are also assumed to be
> vulnerable).

Thank you for identifying this bug, with details, and bringing it
directly to us via this security list.  As this is a remotely
exploitable bug, we will coordinate a Pidgin release with the various
packagers of Pidgin and other libpurple-based projects.

We will need just a little bit of information from you before we
proceed.

1) To the best of your knowledge, is anyone else aware of this bug who
   might disclose it publicly, or has it been reported to any public
   tracker or mailing list?  The answer to this question will affect
   both the method by which we request a CVE for this vulnerability,
   and the manner in which the patch is ultimately released.

2) How do you wish to be credited for this discovery?  (Name, email
   address, etc.; affiliation is appropriate.)

3) Are there any other details regarding this disclosure that you
   think we should be aware of?  For example, does a CVE already
   exist, is there an organization which will be disclosing it
   directly after coordinating with us, etc.

> I hope that we can cooperate on solving this problem.

I am sure that we can.  Please be aware that our coordinated release
process often takes some time, due to the number of projects and
organizations involved.  Feel free to request an update if things seem
to be stalled, but please have patience with us if it takes a few
days/weeks.  :-)  The potential severity of this bug will likely fast
track it, although if we have to coordinate with MXit, they are often
slow to respond.

Ethan