CVE-2011-3594

NameCVE-2011-3594
DescriptionThe g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pidgin (PTS)buster2.13.0-2fixed
bullseye2.14.1-1fixed
bookworm, sid2.14.10-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pidginsourcesqueeze2.7.3-1+squeeze2
pidginsource(unstable)2.10.1-1unimportant

Notes

relatively obscure client crash

Search for package or bug name: Reporting problems