CVE-2009-2694
Published: 21 August 2009
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Priority
Status
Package | Release | Status |
---|---|---|
gaim Launchpad, Ubuntu, Debian |
gutsy |
Does not exist
|
dapper |
Ignored
(end of life)
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
upstream |
Needs triage
|
|
pidgin Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
hardy |
Released
(1:2.4.1-1ubuntu2.6)
|
|
intrepid |
Released
(1:2.5.2-0ubuntu1.4)
|
|
jaunty |
Released
(1:2.5.5-1ubuntu8.4)
|
|
upstream |
Released
(2.6.0)
|
|
Patches: upstream: http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e upstream: http://developer.pidgin.im/viewmtn/revision/info/0899f42c08f68d7811a5b0ebe68acd5b85eddc13 |