CVE-2007-4996 Information

Description

libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver’s buddy list which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of \an invalid memory location.\

Reference

http://fedoranews.org/updates/FEDORA-2007-236.shtml http://secunia.com/advisories/27010 http://secunia.com/advisories/27088 http://www.pidgin.im/news/security/?id=23 http://www.securityfocus.com/archive/1/481402/100/0/threaded http://www.securityfocus.com/bid/25872 http://www.vupen.com/english/advisories/2007/3321 https://exchange.xforce.ibmcloud.com/vulnerabilities/36884 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A18261