CVE-2009-1376

Priority
Medium
Description
Multiple integer overflows in the msn_slplink_process_msg functions in the
MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2)
libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6
on 32-bit platforms allow remote attackers to execute arbitrary code via a
malformed SLP message with a crafted offset value, leading to buffer
overflows. NOTE: this issue exists because of an incomplete fix for
CVE-2008-2927.
References
Bugs
Package
Upstream: released (2.5.6)
Ubuntu 8.04 LTS (Hardy Heron): released (1:2.4.1-1ubuntu2.4)
Patches:
Upstream: http://developer.pidgin.im/viewmtn/revision/info/9dd1c4c3db68a80dbf157a0c0bc0c723e42b7a6e
Package
Source: gaim (LP Ubuntu Debian)
Upstream: released (2.5.6)
Ubuntu 8.04 LTS (Hardy Heron): DNE
More Information

Updated: 2012-06-01 15:19:48 UTC (commit 5347)