Remote crash

[Chris Croy]

For several months people have been able to remotely crash anyone using
Pidgin by copy/pasting certain strings into an IRC channel. Here is an
example I just got hit with, copy/pasted from my log file:

^ÂÊÎÔÛâêîôûĈĉĜĝĤĥĴĵŜŝŴŵŶŷˆ̭̂᷍ḒḓḘḙḼḽṊṋṰṱṶṷẐẑẤấẦầẨẩẪẫẬậẾếỀềỂểỄễỆệỐốỒồỔổỖỗỘộ⨣⨶⩯ꞈ

Viewing that string with pidgin in any way causes a crash. I can crash
myself by pasting the string into pidgin or viewing a log from within
pidgin. I get the same error message every time. It is titled Microsoft
Visual C++ Runtime Library. It says, "The application has requested the
Runtime to terminate it in an unusual way. Please contact the application's
support team for more information."

I am using version 2.10.6. I am not using any addons or plugins.

-Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130115/91fd1e2f/attachment.html>