Pidgin Security Advisory

TitleMSN malformed SLP message overflow
Date2008-07
CVE NameCVE-2008-2927
Discovered ByAnonymous (via TippingPoint's Zero Day Initiative)
SummaryMalformed SLP messages can cause a buffer overflow
DescriptionMultiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in libpurple allow remote attackers to execute arbitrary code via a malformed SLP message.
Fixed in Version2.4.3
FixThe affected function has been patched to fix the vulnerability.

Return to Security Advisory Index