CVE-2008-2957

Name of the Vulnerable Software and Affected Versions Pidgin versions 2.0.0 and earlier libpurple versions 2.5.2 and earlier libpurple-devel versions 2.5.2 and earlier libpurple-tcl versions 2.5.2 and earlier

Description The issue allows remote attackers to trigger the download of arbitrary files and cause a denial of service via a UDP packet that specifies an arbitrary URL. Exploitation of the vulnerabilities can lead to disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations For Pidgin version 2.0.0, consider disabling the UPnP functionality to prevent exploitation. For libpurple, libpurple-devel, and libpurple-tcl versions 2.5.2, restrict access to the vulnerable components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.