CVE-2009-1376

CVSS 9.3 - HIGH

Description

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.

Affected Products

9

Vendor	Product	Version
pidgin	pidgin	`All versions`
pidgin	pidgin	`2.4.0`
pidgin	pidgin	`2.4.1`
pidgin	pidgin	`2.4.2`
pidgin	pidgin	`2.4.3`
pidgin	pidgin	`2.5.0`
pidgin	pidgin	`2.5.2`
pidgin	pidgin	`2.5.3`
pidgin	pidgin	`2.5.4`

References

http://debian.org/security/2009/dsa-1805

http://secunia.com/advisories/35188

http://secunia.com/advisories/35194

http://secunia.com/advisories/35202

http://secunia.com/advisories/35215

http://secunia.com/advisories/35294

http://secunia.com/advisories/35329

http://secunia.com/advisories/35330

http://secunia.com/advisories/37071

http://www.gentoo.org/security/en/glsa/glsa-200905...

http://www.mandriva.com/security/advisories?name=M...

http://www.mandriva.com/security/advisories?name=M...

http://www.pidgin.im/news/security/?id=32

http://www.redhat.com/support/errata/RHSA-2009-105...

http://www.redhat.com/support/errata/RHSA-2009-106...

http://www.securityfocus.com/bid/35067

http://www.ubuntu.com/usn/USN-781-1

http://www.ubuntu.com/usn/USN-781-2

http://www.vupen.com/english/advisories/2009/1396

https://bugzilla.redhat.com/show_bug.cgi?id=500493

Weakness Types

CWE-189

CVE Information

CVE ID:: CVE-2009-1376
Published:: 2009-05-26
Modified:: 2026-04-23
CVSS Score:: 9.3
Severity:: HIGH
Vector:: AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Vendors

pidgin

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL