pidgin
Page content
- Vulnerable: 2.3.1-2
- Unaffected: 2.4.3-1kalgan1
Some vulnerabilities have been reported in Pidgin, which potentially can be exploited by malicious people to compromise a user’s system. The vulnerabilities are caused due to integer overflow errors in the “msn_slplink_process_msg” function in libpurple/protocols/msnp9/slplink.c and libpurple/protocols/msn/slplink.c, and can potentially be exploited to execute arbitrary code via a specially crafted SLP message. Successful exploitation requires that the attacker is allowed to send messages to a victim (by default only users in the buddy list).
- Bug Tracker URL: http://bugs.frugalware.org/task/3217