CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
93.4%
The g_markup_escape_text function in the SILC protocol plug-in in libpurple
2.10.0 and earlier, as used in Pidgin and possibly other products, allows
remote attackers to cause a denial of service (crash) via invalid UTF-8
sequences that trigger use of invalid pointers and an out-of-bounds read,
related to interactions with certain versions of glib2.
Author | Note |
---|---|
mdeslaur | Oneiric+ isn’t built with SILC support |