CVE-2010-3711

Publication date 27 October 2010

Last updated 24 July 2024

libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.

Status

Show unmaintained releases

Package	Ubuntu Release	Status

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1014-1
Pidgin vulnerabilities
4 November 2010

Other references

http://pidgin.im/news/security/?id=48
https://www.cve.org/CVERecord?id=CVE-2010-3711