Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pidgin | Pidgin | * | 2.4.2 (including) |
| Pidgin | Pidgin | 2.0.0 (including) | 2.0.0 (including) |
| Pidgin | Pidgin | 2.0.1 (including) | 2.0.1 (including) |
| Pidgin | Pidgin | 2.0.2 (including) | 2.0.2 (including) |
| Pidgin | Pidgin | 2.1.0 (including) | 2.1.0 (including) |
| Pidgin | Pidgin | 2.1.1 (including) | 2.1.1 (including) |
| Pidgin | Pidgin | 2.2.0 (including) | 2.2.0 (including) |
| Pidgin | Pidgin | 2.2.1 (including) | 2.2.1 (including) |
| Pidgin | Pidgin | 2.2.2 (including) | 2.2.2 (including) |
| Pidgin | Pidgin | 2.3.0 (including) | 2.3.0 (including) |
| Pidgin | Pidgin | 2.3.1 (including) | 2.3.1 (including) |
| Pidgin | Pidgin | 2.4.0 (including) | 2.4.0 (including) |
| Pidgin | Pidgin | 2.4.1 (including) | 2.4.1 (including) |
| Red Hat Enterprise Linux 3 | RedHat | pidgin-0:1.5.1-2.el3 | * |
| Red Hat Enterprise Linux 4 | RedHat | pidgin-0:1.5.1-2.el4 | * |
| Red Hat Enterprise Linux 5 | RedHat | pidgin-0:2.3.1-2.el5_2 | * |
| Gaim | Ubuntu | dapper | * |
| Gaim | Ubuntu | feisty | * |
| Gaim | Ubuntu | upstream | * |
| Pidgin | Ubuntu | gutsy | * |
| Pidgin | Ubuntu | hardy | * |
| Pidgin | Ubuntu | upstream | * |