[Pidgin] #11470: CVE-2008-2956 denial-of-service

Pidgin trac at pidgin.im
Sun Feb 28 16:45:18 EST 2010

#11470: CVE-2008-2956 denial-of-service
 Reporter:  mgilbert      |     Owner:  rekkanoryo
     Type:  defect        |    Status:  new       
Component:  unclassified  |   Version:  2.6.6     
 Keywords:                |  
 hi, CVE-2008-2956 was disclosud a couple years ago, but is still open in
 pidgin.  this is a denial-of-service due to a memory consumption caused by
 malformed xml documents [0].  there was a preliminary patch at one point,
 but those pages no longer exist [1].  there may be some other useful info
 in the debian bug report.  thanks.

 [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2956

 [1] http://crisp.cs.du.edu/?q=ca2007-1

 [2] http://bugs.debian.org/488632

Ticket URL: <http://developer.pidgin.im/ticket/11470>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list