6 matches found
CVE-2008-2927
CVE-2008-2927 affects the MSN protocol handler in libpurple (msn/slplink.c and msnp9/slplink.c) used by Pidgin before 2.4.3 and Adium before 1.3. It is caused by multiple integer overflow/offset handling issues in msn_slplink_process_msg triggered by a malformed SLP message, enabling remote arbit...
CVE-2009-2694
CVE-2009-2694 affects Libpurple’s MSN protocol handler (msn_slplink_process_msg) used by Pidgin (and Adium) before version 2.5.9. The flaw allows remote memory corruption via crafted MSNSLP messages, enabling arbitrary code execution or a crash. Root cause is an incomplete fix and improper handli...
CVE-2009-3615
CVE-2009-3615 affects Pidgin’s OSCAR protocol (libpurple) in versions prior to 2.6.3 and Adium prior to 1.3.7. A remote attacker could supply crafted contact-list data (ICQ, possibly AIM) to trigger an invalid pointer dereference, causing the application to crash (denial of service). Several Ness...
CVE-2010-0277
CVE-2010-0277 concerns the MSN protocol plugin (libpurple/Pidgin) where, prior to versions around 2.6.6, a malformed MSNSLP INVITE in an SLP message could trigger a remote crash/memory corruption. Affected products and timelines in the provided documents show this as a remote crash/DoS vulnerabil...
CVE-2010-0013
CVE-2010-0013 affects Pidgin (libpurple) via the MSN protocol plugin, specifically the slp.c code path handling custom smiley requests. A directory traversal vulnerability in an MSN emoticon request (.. in filename) could allow remote attackers to read arbitrary files on the affected host. Root c...
CVE-2008-7190
CVE-2008-7190 affects Adium before 1.2. Connected documents summarize an unspecified vulnerability linked to javascript: URLs with possibly cross-site scripting. However, there is no concrete root cause, impact details, exploit path, affected components beyond the product/version reference, or re...