CVE-2009-3084

Name of the Vulnerable Software and Affected Versions: libpurple versions 2.6.0 through 2.6.1 Pidgin versions prior to 2.6.2

Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash, by sending a handwritten message. This is related to an uninitialized variable and the incorrect use of the "UTF16-LE" charset name in the msn slp process msg function.

Recommendations: For libpurple versions 2.6.0 and 2.6.1, consider updating to a version after 2.6.1 to resolve the issue. For Pidgin versions prior to 2.6.2, update to version 2.6.2 or later to fix the problem. As a temporary workaround, consider disabling the handling of handwritten messages in the MSN protocol plugin until a patch is available.