CVE-2009-1889

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.5.8 libpurple-devel versions prior to 2.5.8 libpurple-tcl versions prior to 2.5.8 libpurple versions prior to 2.5.8

Description The issue is related to the misinterpretation of the ICQWebMessage message type as the ICQSMS message type in the OSCAR protocol implementation. This can be exploited by remote attackers to cause a denial of service, specifically an application crash, by sending a crafted ICQ web message that triggers the allocation of a large amount of memory. The exploitation can be done remotely and may lead to disruption of protected information availability.

Recommendations For Pidgin versions prior to 2.5.8, update to version 2.5.8 or later to resolve the issue. For libpurple-devel versions prior to 2.5.8, update to version 2.5.8 or later to resolve the issue. For libpurple-tcl versions prior to 2.5.8, update to version 2.5.8 or later to resolve the issue. For libpurple versions prior to 2.5.8, update to version 2.5.8 or later to resolve the issue.