| Summary | MSN handwritten message crash |
|---|---|
| Date | 2009-09-03 |
| CVE Number | CVE-2009-3084 |
| Discovered By | aly89 in ticket |
| Fixed In Release | 2.6.2 |
The MSN protocol plugin used an incorrect character encoding when attempting to convert handwritten messages from one encoding to another. This caused the conversion to fail. This failure combined with an uninitialized variable can trigger a crash. The only vulnerable versions of libpurple are 2.6.0 and 2.6.1.
Use the correct character set name and initialize error to NULL.