Description
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
CVSS vector
AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9
Confidentiality: None
Integrity: None
Affected Packages
4 packages
Vulnerability Details (4)
[GHSA] GHSA-6f79-g335-f9mf: The silc_channel_message function in ops (2022-05-17)
[GHSA] GHSA-5qw6-gghj-96qh: The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2 (2022-05-17)
[OSV] CVE-2011-4603: The silc_channel_message function in ops (2011-12-17)
[OSV] CVE-2011-3594: The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2 (2011-11-04)
Vendor Advisories (5)
[Red Hat] pidgin: SILC remote crash on channel messages (2011-12-11)
[Ubuntu] Pidgin vulnerabilities (2011-11-21)
[Red Hat] libpurple: invalid UTF-8 string handling in SILC messages (2011-09-29)
[Debian] CVE-2011-4603: pidgin - The silc_channel_message function in ops.c in the SILC protocol plugin in libpur... (2011)
[Debian] CVE-2011-3594: pidgin - The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10... (2011)
Community (3)
[Bugzilla] CVE-2011-4603 pidgin: SILC remote crash on channel messages (2011-12-12)
[Bugzilla] CVE-2011-3594 libpurple: invalid UTF-8 string handling in SILC messages [fedora-all] (2011-10-05)
[Bugzilla] CVE-2011-3594 libpurple: invalid UTF-8 string handling in SILC messages (2011-10-05)