PT-2009-1018 · Pidgin+1 · Libpurple+1

Federico Muttis · Published 2009-08-18 · Updated 2017-09-19 · CVE-2009-2694

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libpurple versions 2.5.9 and earlier

Description

The issue is related to the msn_slplink_process_msg function in libpurple, which allows remote attackers to execute arbitrary code or cause a denial of service by sending multiple crafted SLP messages. This can lead to memory corruption and application crash, compromising the confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations

For libpurple versions 2.5.9 and earlier, consider updating to a version later than 2.5.9 to resolve the issue. As a temporary workaround, restrict the use of the msn_slplink_process_msg function until a patch is available. Additionally, be cautious when receiving SLP messages to minimize the risk of exploitation.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-02899
BDU:2015-07364
BDU:2015-07366
BDU:2015-07368
CVE-2009-2694
DSA-1870-1
OPENSUSE-SU-2024:10432-1
RHSA-2009:1218
RHSA-2009_1218

Affected Products

Red Hat
Libpurple