CVE-2010-3711

2010-10-2700:00:00

ubuntu.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.5%

JSON

libpurple in Pidgin before 2.7.4 does not properly validate the return
value of the purple_base64_decode function, which allows remote
authenticated users to cause a denial of service (NULL pointer dereference
and application crash) via a crafted message, related to the plugins for
MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/666998>

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchpidgin< 1:2.4.1-1ubuntu2.10UNKNOWN
ubuntu9.10noarchpidgin< 1:2.6.2-1ubuntu7.3UNKNOWN
ubuntu10.04noarchpidgin< 1:2.6.6-1ubuntu4.1UNKNOWN
ubuntu10.10noarchpidgin< 1:2.7.3-1ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	pidgin	< 1:2.4.1-1ubuntu2.10	UNKNOWN
ubuntu	9.10	noarch	pidgin	< 1:2.6.2-1ubuntu7.3	UNKNOWN
ubuntu	10.04	noarch	pidgin	< 1:2.6.6-1ubuntu4.1	UNKNOWN
ubuntu	10.10	noarch	pidgin	< 1:2.7.3-1ubuntu3.1	UNKNOWN