Summary MSN malformed SLP message overflow
Date 2008-07-01
CVE Number CVE-2008-2927
Discovered By Anonymous (via TippingPoint's Zero Day Initiative)
Fixed In Release 2.4.3


Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in libpurple allow remote attackers to execute arbitrary code via a malformed SLP message.


The affected function has been patched to fix the vulnerability.

Looking to reach us via XMPP? Check out the new PidginChat service!