CVE-2009-1376

2009-05-2600:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.203 Low

EPSS

Percentile

96.3%

JSON

Multiple integer overflows in the msn_slplink_process_msg functions in the
MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2)
libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6
on 32-bit platforms allow remote attackers to execute arbitrary code via a
malformed SLP message with a crafted offset value, leading to buffer
overflows. NOTE: this issue exists because of an incomplete fix for
CVE-2008-2927.

Bugs

<https://bugs.launchpad.net/bugs/384222>

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchgaim< 1:1.5.0+1.5.1cvs20051015-1ubuntu10.2UNKNOWN
ubuntu8.04noarchpidgin< 1:2.4.1-1ubuntu2.4UNKNOWN
ubuntu8.10noarchpidgin< 1:2.5.2-0ubuntu1.2UNKNOWN
ubuntu9.04noarchpidgin< 1:2.5.5-1ubuntu8.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	gaim	< 1:1.5.0+1.5.1cvs20051015-1ubuntu10.2	UNKNOWN
ubuntu	8.04	noarch	pidgin	< 1:2.4.1-1ubuntu2.4	UNKNOWN
ubuntu	8.10	noarch	pidgin	< 1:2.5.2-0ubuntu1.2	UNKNOWN
ubuntu	9.04	noarch	pidgin	< 1:2.5.5-1ubuntu8.1	UNKNOWN