Launchpad CVE tracker

CVE 2010-3711

libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.

Related bugs and status

CVE-2010-3711 (Candidate) is related to these bugs:

Bug #665666: [needs-packaging] Pidgin 2.7.4

Summary				In	Importance	Status
	665666	[needs-packaging] Pidgin 2.7.4		GetDeb Software Portal	Medium	Fix Released

Bug #666998: CVE-2010-3711 security vulnerability in pidgin < 2.7.4

		In	Importance	Status
666998	CVE-2010-3711 security vulnerability in pidgin < 2.7.4	pidgin (Ubuntu)	Medium	Fix Released
666998	CVE-2010-3711 security vulnerability in pidgin < 2.7.4	pidgin (Ubuntu Hardy)	Medium	Fix Released
666998	CVE-2010-3711 security vulnerability in pidgin < 2.7.4	pidgin (Ubuntu Karmic)	Medium	Fix Released
666998	CVE-2010-3711 security vulnerability in pidgin < 2.7.4	pidgin (Ubuntu Natty)	Medium	Fix Released
666998	CVE-2010-3711 security vulnerability in pidgin < 2.7.4	pidgin (Ubuntu Lucid)	Medium	Fix Released
666998	CVE-2010-3711 security vulnerability in pidgin < 2.7.4	pidgin (Ubuntu Maverick)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-3711

References