Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.
2008-07-07T23:41:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | pidgin | pidgin | ≤ 2.4.2 | Yes |
Application | pidgin | pidgin | 2.0.0 | Yes |
Application | pidgin | pidgin | 2.0.1 | Yes |
Application | pidgin | pidgin | 2.0.2 | Yes |
Application | pidgin | pidgin | 2.1.0 | Yes |
Application | pidgin | pidgin | 2.1.1 | Yes |
Application | pidgin | pidgin | 2.2.0 | Yes |
Application | pidgin | pidgin | 2.2.1 | Yes |
Application | pidgin | pidgin | 2.2.2 | Yes |
Application | pidgin | pidgin | 2.3.0 | Yes |
Application | pidgin | pidgin | 2.3.1 | Yes |
Application | pidgin | pidgin | 2.4.0 | Yes |
Application | pidgin | pidgin | 2.4.1 | Yes |
Application | adium | adium | ≤ 1.2.7 | Yes |
Application | adium | adium | 1.0 | Yes |
Application | adium | adium | 1.0.1 | Yes |
Application | adium | adium | 1.0.2 | Yes |
Application | adium | adium | 1.0.3 | Yes |
Application | adium | adium | 1.0.4 | Yes |
Application | adium | adium | 1.0.5 | Yes |
Application | adium | adium | 1.1 | Yes |
Application | adium | adium | 1.1.1 | Yes |
Application | adium | adium | 1.1.2 | Yes |
Application | adium | adium | 1.1.3 | Yes |
Application | adium | adium | 1.1.4 | Yes |