PT-2008-1055 · Libpurple+2 · Libpurple+4

Juan Pablo Lopez Yacubian · Published 2008-07-01 · Updated 2024-06-15 · CVE-2008-2955

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Pidgin version 2.4.1
libpurple-devel versions 2.5.2 and earlier
libpurple-tcl versions 2.5.2 and earlier
libpurple versions 2.5.2 and earlier

Description

The issue allows remote attackers to cause a denial of service, potentially leading to a crash, by sending a message with a long filename containing certain characters. This can be triggered in the msn_slplink_process_msg function. Multiple vulnerabilities in the libpurple package can lead to violations of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations

For Pidgin version 2.4.1, consider updating to a newer version to mitigate the risk. For libpurple-devel versions 2.5.2 and earlier, restrict access to the msn_slplink_process_msg function until a patch is available. For libpurple-tcl versions 2.5.2 and earlier, avoid using the vulnerable libpurple-tcl package until the issue is resolved. For libpurple versions 2.5.2 and earlier, disable the vulnerable functions temporarily to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-06318
BDU:2015-06320
BDU:2015-06322
CVE-2008-2955
OPENSUSE-SU-2024:11172-1
RHSA-2008:1023
RHSA-2008_1023

Affected Products

Pidgin
Red Hat
Libpurple
Libpurple-Devel
Libpurple-Tcl