CVE-2011-3594

Severity CVSS v4.0:
Pending analysis
Type:
CWE-119 Buffer Errors
Publication date:
04/11/2011
Last modified:
11/04/2025

Description

The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:pidgin:libpurple:*:*:*:*:*:*:*:* 2.10.0 (including)
cpe:2.3:a:pidgin:libpurple:1.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:libpurple:2.4.2:*:*:*:*:*:*:*