Scientific Linux Security Update : pidgin on SL3.x, SL4.x, SL5.x i386/x86_64

CVE-2009-2694 pidgin: insufficient input validation in msnslplinkprocessmsg Federico Muttis of Core Security Technologies discovered a flaw in Pidgin's MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user...

FreeBSD Ports: pidgin, libpurple, finch

The remote host is missing an update to the system as announced in the referenced advisory. VID 59e7af2d-8db7-11de-883b-001e3300a30d OpenVAS Vulnerability Test $ Description: Auto generated from VID 59e7af2d-8db7-11de-883b-001e3300a30d Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Memory corruption

The msnslplinkprocessmsg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin formerly Gaim before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash by sending multiple...

Pidgin Libpurple库msn_slplink_process_msg()函数内存破坏漏洞

CVECAN ID: CVE-2009-2694 Pidgin是支持多种协议的即时通讯客户端。 Pidgin和其他一些即时消息客户端所使用的Libpurple库中存在内存破坏漏洞，远程攻击者可以通过向聊天客户端发送特制的MSNSLP报文触发这个漏洞，导致执行任意代码。 攻击需要发送两个连续的MSNSLP消息，第一个用于对slpmsg存储会话id，第二个用于触发漏洞，最终目标是到达msnslplinkprocessmsg中的memcpy调用。需要创建偏移为非0的MSNSLP消息，因为这个值是memcpy的目标。...

CVE-2009-2694

The msnslplinkprocessmsg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin formerly Gaim before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash by sending multiple...

Mandrake Security Advisory MDVSA-2009:147 (pidgin)

The remote host is missing an update to pidgin announced via advisory MDVSA-2009:147. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

CVE-2008-2955

Pidgin 2.4.1 allows remote attackers to cause a denial of service crash via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msnslplinkprocessmsg function...

CVE-2008-2955

Pidgin 2.4.1 allows remote attackers to cause a denial of service crash via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msnslplinkprocessmsg function...