Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2009-05-26T15:16:00
Updated: 2024-08-07T05:13:25.437Z
Reserved: 2009-04-23T00:00:00
Link: CVE-2009-1376
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-05-26T15:30:05.280
Modified: 2024-11-21T01:02:20.130
Link: CVE-2009-1376
Redhat