cve-2017-2640-00

Summary: Out-of-bounds write when stripping XML
Date: 2017-03-09
CVE Number: CVE-2017-2640
Discovered By: Joseph Bisch
Fixed In Release: 2.12.0

Description

An out-of-bounds write can occur when a malicious server sends invalid XML.

Mitigation

Only decode HTML entities that are well formed.
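
The mitigation above, sketched as an added example (this is not Pidgin's or libpurple's code): entities are decoded only when complete and well formed, anything else is copied through literally, and every write is checked against the destination size. The names `decode_entity` and `unescape_bounded` are hypothetical, and numeric references are limited to decimal ASCII to keep the sketch short.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: if s starts a complete, well-formed entity, store the
 * decoded byte in *out and return the entity's length; otherwise return 0. */
static size_t decode_entity(const char *s, char *out)
{
    static const struct { const char *text; char ch; } named[] = {
        { "&amp;", '&' }, { "&lt;", '<' }, { "&gt;", '>' },
        { "&quot;", '"' }, { "&apos;", '\'' },
    };
    for (size_t i = 0; i < sizeof named / sizeof named[0]; i++) {
        size_t n = strlen(named[i].text);
        if (strncmp(s, named[i].text, n) == 0) {  /* stops at NUL, no overread */
            *out = named[i].ch;
            return n;
        }
    }
    /* Decimal reference: "&#", at least one digit, then ';'. */
    if (s[0] == '&' && s[1] == '#' && s[2] >= '0' && s[2] <= '9') {
        char *end;
        unsigned long v = strtoul(s + 2, &end, 10);
        if (*end == ';' && v >= 1 && v <= 0x7f) {  /* ASCII only in this sketch */
            *out = (char)v;
            return (size_t)(end - s) + 1;
        }
    }
    return 0;  /* unterminated, empty or out of range: not an entity */
}

/* Copy src to dst (capacity dstsz, NUL included), decoding well-formed
 * entities only. Returns the decoded length, or -1 if dst is too small. */
long unescape_bounded(const char *src, char *dst, size_t dstsz)
{
    size_t o = 0;
    if (dstsz == 0) return -1;
    while (*src) {
        char ch;
        size_t n = (*src == '&') ? decode_entity(src, &ch) : 0;
        if (n == 0) { ch = *src; n = 1; }   /* malformed or plain: keep the byte */
        if (o + 1 >= dstsz) return -1;      /* always leave room for the NUL */
        dst[o++] = ch;
        src += n;
    }
    dst[o] = '\0';
    return (long)o;
}
```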
