Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-05-26T15:16:00

Updated: 2024-08-07T05:13:25.437Z

Reserved: 2009-04-23T00:00:00

Link: CVE-2009-1376

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-05-26T15:30:05.280

Modified: 2024-11-21T01:02:20.130

Link: CVE-2009-1376

cve-icon Redhat

Severity : Important

Publid Date: 2009-05-02T00:00:00Z

Links: CVE-2009-1376 - Bugzilla