cve-2013-6482-02

Summary NULL pointer dereference parsing OIM data in MSN
Date 2014-01-28
CVE Number CVE-2013-6482
Discovered By Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen
Fixed In Release 2.10.8

Description

A malicious server or man-in-the-middle could send us a specially-crafted XML response that results in a NULL pointer dereference.

Mitigation

Check for NULL before calling atoi().

Looking to reach us via XMPP? Check out the new PidginChat service!