CVE-2009-2703

Publication date 8 September 2009

Last updated 24 July 2024

libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pidgin	9.10 karmic	Not affected
	9.04 jaunty	Fixed 1:2.5.5-1ubuntu8.5
	8.10 intrepid	Fixed 1:2.5.2-0ubuntu1.6
	8.04 LTS hardy	Fixed 1:2.4.1-1ubuntu2.8
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?
Patch details

Notes

mdeslaur

PoC in Red Hat bug

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
pidgin	Upstream: http://developer.pidgin.im/viewmtn/revision/info/ad2c6ee53ec9122b25aeb1f918db53be69bdeac3

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-886-1
Pidgin vulnerabilities
18 January 2010

Other references

http://www.pidgin.im/news/security/index.php?id=40
http://pidgin.im/pipermail/devel/2009-September/008850.html
https://www.cve.org/CVERecord?id=CVE-2009-2703