Adrien Guinet

**Name of the Vulnerable Software and Affected Versions** Irssi versions prior to 0.8.20 **Description** The issue allows remote attackers to cause a denial of service, resulting in heap corruption and crash, via an incomplete 24bit color code. This occurs in the unformat 24bit color function within the format parsing code when Irssi is compiled with true-color enabled. **Recommendations** For versions prior to 0.8.20, update to version 0.8.20 or later to resolve the issue. As a temporary workaround, consider disabling true-color support until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Irssi versions prior to 0.8.20 **Description** The issue allows remote attackers to cause a denial of service, resulting in heap corruption and a crash, through vectors involving the length of a string. This is due to a problem in the format send to gui function in the format parsing code. **Recommendations** For versions prior to 0.8.20, update to version 0.8.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the format send to gui function until a patch is available.