CVE-2011-1091

libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.

Published: Mar 14, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-1091
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
pidgin / pidgin	2.7.9	2.7.9.x
pidgin / pidgin	2.7.5	2.7.5.x
pidgin / pidgin	2.7.0	2.7.0.x
pidgin / pidgin	2.7.4	2.7.4.x
pidgin / pidgin	2.6.0	2.6.0.x
pidgin / pidgin	2.7.6	2.7.6.x
pidgin / pidgin	2.7.10	2.7.10.x
pidgin / pidgin	2.7.3	2.7.3.x
pidgin / pidgin	2.6.5	2.6.5.x
pidgin / pidgin	2.6.6	2.6.6.x
pidgin / pidgin	2.6.2	2.6.2.x
pidgin / pidgin	2.7.8	2.7.8.x
pidgin / pidgin	2.7.7	2.7.7.x
pidgin / pidgin	2.6.1	2.6.1.x
pidgin / pidgin	2.6.4	2.6.4.x
pidgin / pidgin	2.7.2	2.7.2.x
pidgin / pidgin	2.7.1	2.7.1.x

Vulnerability Database

289,697

CVE-2011-1091