[3.6] pidgin: Out-of-bounds write when stripping xml (CVE-2017-2640)
An out-of-bounds write vulnerability was found in purple_markup_unescape_entity. It can be triggered by sending invalid XML entities separated by whitespace, e.g. “ஸ”. In a default installation, this function can only be called when receiving data from a server.
Fixed In Version:
pidgin 2.12.0
References:
https://pidgin.im/news/security/
Patch:
https://bitbucket.org/pidgin/main/commits/b2fc9e774cb9
(from redmine: issue id 7000, created on 2017-03-13, closed on 2017-05-02)
- Relations:
- parent #6999 (closed)