The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) prior to 2.5.9 and Adium 1.3.5 and previous versions, allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pidgin pidgin 2.0.1 |
||
pidgin pidgin 2.0.2 |
||
pidgin pidgin 2.3.1 |
||
pidgin pidgin 2.4.0 |
||
pidgin pidgin 2.5.3 |
||
pidgin pidgin 2.5.4 |
||
adium adium 1.3.3 |
||
adium adium 1.3.4 |
||
pidgin pidgin 2.0.0 |
||
pidgin pidgin 2.2.2 |
||
pidgin pidgin 2.3.0 |
||
pidgin pidgin 2.5.1 |
||
pidgin pidgin 2.5.2 |
||
adium adium 1.3.1 |
||
adium adium 1.3.2 |
||
pidgin pidgin 2.1.0 |
||
pidgin pidgin 2.1.1 |
||
pidgin pidgin 2.4.1 |
||
pidgin pidgin 2.4.2 |
||
pidgin pidgin 2.5.6 |
||
pidgin pidgin 2.5.7 |
||
pidgin pidgin |
||
adium adium |
||
pidgin pidgin 2.2.0 |
||
pidgin pidgin 2.2.1 |
||
pidgin pidgin 2.4.3 |
||
pidgin pidgin 2.5.0 |
||
adium adium 1.2.7 |
||
adium adium 1.3 |