CVE-2009-2694
CRITICAL
10.0
CVSS Severity Score
Vulnerability Description
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Affected Platforms (CPE)
π¦
Adium
Adium
<= 1.3.5π¦
Adium
Adium
= 1.2.7π¦
Adium
Adium
= 1.3π¦
Adium
Adium
= 1.3.1π¦
Adium
Adium
= 1.3.2π¦
Adium
Adium
= 1.3.3π¦
Adium
Adium
= 1.3.4π¦
Pidgin
Pidgin
<= 2.5.8π¦
Pidgin
Pidgin
= 2.0.0π¦
Pidgin
Pidgin
= 2.0.1π¦
Pidgin
Pidgin
= 2.0.2π¦
Pidgin
Pidgin
= 2.1.0π¦
Pidgin
Pidgin
= 2.1.1π¦
Pidgin
Pidgin
= 2.2.0π¦
Pidgin
Pidgin
= 2.2.1π¦
Pidgin
Pidgin
= 2.2.2π¦
Pidgin
Pidgin
= 2.3.0π¦
Pidgin
Pidgin
= 2.3.1π¦
Pidgin
Pidgin
= 2.4.0π¦
Pidgin
Pidgin
= 2.4.1π¦
Pidgin
Pidgin
= 2.4.2π¦
Pidgin
Pidgin
= 2.4.3π¦
Pidgin
Pidgin
= 2.5.0π¦
Pidgin
Pidgin
= 2.5.1π¦
Pidgin
Pidgin
= 2.5.2π¦
Pidgin
Pidgin
= 2.5.3π¦
Pidgin
Pidgin
= 2.5.4π¦
Pidgin
Pidgin
= 2.5.6π¦
Pidgin