hugo/content/about/security/advisories/cve-2010-1624-00.md

Thu, 02 Jan 2025 16:35:59 -0600

author
Gary Kramlich <grim@reaperworld.com>
date
Thu, 02 Jan 2025 16:35:59 -0600
changeset 545
cf811d26020d
parent 397
56acee7044a0
permissions
-rw-r--r--

Add a flathub verification token

Testing Done:
Ran with `npm run hugo:server` and verified the file was served properly.

Reviewed at https://reviews.imfreedom.org/r/3718/

---
title: cve-2010-1624-00
date: 2010-05-12T00:00:00.000Z
cveNumber: cve-2010-1624
summary: MSN emoticon denial of service
discoveredBy: Pierre Noguès of Meta Security
fixedInRelease: 2.7.0
type: security
layout: cve
hidden: true
---

### Description

A vulnerability was discovered in libpurple's MSN protocol plugin that can cause
a denial of service (crash) due to insufficient validation of certain SLP
packets related to custom emoticons. An attacker could use this vulnerability to
remotely crash a client using libpurple for MSN. It is not possible for this
vulnerability to be exploited for code execution. As a workaround, disabling
custom emoticons on MSN accounts will prevent the vulnerability.

### Mitigation

Validation has been added to the MSN plugin to prevent the crash.

mercurial