CVE-2009-2694
CRITICAL
10.0
CVSS Severity Score
Vulnerability Description
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Affected Platforms (CPE)
📦
Adium
Adium
<= 1.3.5📦
Adium
Adium
= 1.2.7📦
Adium
Adium
= 1.3📦
Adium
Adium
= 1.3.1📦
Adium
Adium
= 1.3.2📦
Adium
Adium
= 1.3.3📦
Adium
Adium
= 1.3.4📦
Pidgin
Pidgin
<= 2.5.8📦
Pidgin
Pidgin
= 2.0.0📦
Pidgin
Pidgin
= 2.0.1📦
Pidgin
Pidgin
= 2.0.2📦
Pidgin
Pidgin
= 2.1.0📦
Pidgin
Pidgin
= 2.1.1📦
Pidgin
Pidgin
= 2.2.0📦
Pidgin
Pidgin
= 2.2.1📦
Pidgin
Pidgin
= 2.2.2📦
Pidgin
Pidgin
= 2.3.0📦
Pidgin
Pidgin
= 2.3.1📦
Pidgin
Pidgin
= 2.4.0📦
Pidgin
Pidgin
= 2.4.1📦
Pidgin
Pidgin
= 2.4.2📦
Pidgin
Pidgin
= 2.4.3📦
Pidgin
Pidgin
= 2.5.0📦
Pidgin
Pidgin
= 2.5.1📦
Pidgin
Pidgin
= 2.5.2📦
Pidgin
Pidgin
= 2.5.3📦
Pidgin
Pidgin
= 2.5.4📦
Pidgin
Pidgin
= 2.5.6📦
Pidgin