Download
| Alert*
[3.5] pidgin: Out-of-bounds write when stripping xml (CVE-2017-2640)
An out-of-bounds write vulnerability was found in purple_markup_unescape_entity. It can be triggered by sending invalid XMLentities separated by whitespace, eg "ஸ". In default installation, this can get called only when receiving data from a server. Fixed In Version pidgin 2.12.0
|