Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pidgin | pidgin | 2.1.0 |
| pidgin | pidgin | 2.0.2 |
| pidgin | pidgin | 2.2.2 |
| pidgin | pidgin | 2.4.1 |
| adium | adium | 1.0 |
| pidgin | pidgin | 2.3.0 |
| pidgin | pidgin | 2.3.1 |
| adium | adium | 1.1.4 |
| adium | adium | 1.0.2 |
| adium | adium | 1.1 |
| pidgin | pidgin | 2.0.1 |
| pidgin | pidgin | 2.2.0 |
| adium | adium | 1.0.4 |
| adium | adium | 1.0.3 |
| adium | adium | 1.0.1 |
| adium | adium | 1.1.1 |
| pidgin | pidgin | 2.0.0 |
| adium | adium | 1.0.5 |
| pidgin | pidgin | 2.2.1 |
| adium | adium | 1.1.3 |
| pidgin | pidgin | * |
| adium | adium | * |
| adium | adium | 1.1.2 |
| pidgin | pidgin | 2.4.0 |
| pidgin | pidgin | 2.1.1 |
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adium | adium | 1.3.8 |
| pidgin | pidgin | 2.6.4 |