The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

Threat-Mapped Scoring

Score: 1.9

Priority: P3 - Important (Medium)

• S9 – Sabotage of System/App
• S10 – Denial of Service (+0.1 bonus)

EPSS

Score: 0.34578
Percentile: 0.96816

CVSS Scoring

Affected Products

• cpe:2.3:a:adium:adium:*:*:*:*:*:*:*:*
• cpe:2.3:a:adium:adium:1.2.7:*:*:*:*:*:*:*
• cpe:2.3:a:adium:adium:1.3:*:*:*:*:*:*:*
• cpe:2.3:a:adium:adium:1.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:adium:adium:1.3.2:*:*:*:*:*:*:*
• cpe:2.3:a:adium:adium:1.3.3:*:*:*:*:*:*:*
• cpe:2.3:a:adium:adium:1.3.4:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*
• cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*

← Back to Home