CVE-2013-6479

Publication date 5 February 2014

Last updated 24 July 2024


Ubuntu priority

util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response.

Status

Package Ubuntu Release Status
pidgin 13.10 saucy
Fixed 1:2.10.7-0ubuntu4.1.13.10.1
12.10 quantal
Fixed 1:2.10.6-0ubuntu2.3
12.04 LTS precise
Fixed 1:2.10.3-0ubuntu1.4
10.04 LTS lucid Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
pidgin

References

Related Ubuntu Security Notices (USN)

    • USN-2100-1
    • Pidgin vulnerabilities
    • 6 February 2014

Other references