CVE-2009-1373

Publication date 26 May 2009

Last updated 4 August 2025

Ubuntu priority

Description

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
gaim	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	6.06 LTS dapper	Fixed 1:1.5.0+1.5.1cvs20051015-1ubuntu10.2
pidgin	9.04 jaunty	Fixed 1:2.5.5-1ubuntu8.1
	8.10 intrepid	Fixed 1:2.5.2-0ubuntu1.2
	8.04 LTS hardy	Fixed 1:2.4.1-1ubuntu2.4
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
pidgin	Upstream: http://developer.pidgin.im/viewmtn/revision/info/8331e31aeb0f14ac9b94a06bea4353bd9a01ba5a

References

Related Ubuntu Security Notices (USN)

USN-781-2
Gaim vulnerabilities
3 June 2009

USN-781-1
Pidgin vulnerabilities
3 June 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-1373