CVE-2009-1376

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.

Affected Software

Name	Vendor	Start Version	End Version
Pidgin	Pidgin	*	2.5.5 (including)
Pidgin	Pidgin	2.4.0-32_bit (including)	2.4.0-32_bit (including)
Pidgin	Pidgin	2.4.1-32_bit (including)	2.4.1-32_bit (including)
Pidgin	Pidgin	2.4.2-32_bit (including)	2.4.2-32_bit (including)
Pidgin	Pidgin	2.4.3-32_bit (including)	2.4.3-32_bit (including)
Pidgin	Pidgin	2.5.0-32_bit (including)	2.5.0-32_bit (including)
Pidgin	Pidgin	2.5.2-32_bit (including)	2.5.2-32_bit (including)
Pidgin	Pidgin	2.5.3-32_bit (including)	2.5.3-32_bit (including)
Pidgin	Pidgin	2.5.4-32_bit (including)	2.5.4-32_bit (including)
Red Hat Enterprise Linux 3	RedHat	pidgin-0:1.5.1-3.el3	*
Red Hat Enterprise Linux 4	RedHat	pidgin-0:2.5.5-2.el4	*
Red Hat Enterprise Linux 5	RedHat	pidgin-0:2.5.5-3.el5	*
Gaim	Ubuntu	dapper	*
Gaim	Ubuntu	upstream	*
Pidgin	Ubuntu	hardy	*
Pidgin	Ubuntu	intrepid	*
Pidgin	Ubuntu	jaunty	*
Pidgin	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-1376
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References