MidnightBSD

Advisories for adium

CVE-2008-2927 MEDIUM

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189

Products Affected

Vendor  Product  Version
pidgin  pidgin   2.1.0
pidgin  pidgin   2.0.2
pidgin  pidgin   2.2.2
pidgin  pidgin   2.4.1
adium   adium    1.0
pidgin  pidgin   2.3.0
pidgin  pidgin   2.3.1
adium   adium    1.1.4
adium   adium    1.0.2
adium   adium    1.1
pidgin  pidgin   2.0.1
pidgin  pidgin   2.2.0
adium   adium    1.0.4
adium   adium    1.0.3
adium   adium    1.0.1
adium   adium    1.1.1
pidgin  pidgin   2.0.0
adium   adium    1.0.5
pidgin  pidgin   2.2.1
adium   adium    1.1.3
pidgin  pidgin   *
adium   adium    *
adium   adium    1.1.2
pidgin  pidgin   2.4.0
pidgin  pidgin   2.1.1

CVE-2010-0013 MEDIUM

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor  Product  Version
adium   adium    1.3.8
pidgin  pidgin   2.6.4