CVE-2009-1376

Name of the Vulnerable Software and Affected Versions Pidgin versions prior to 2.5.6 libpurple versions prior to 2.5.6

Description The issue is caused by multiple integer overflows in the MSN protocol handler, allowing remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. This can result in disruption of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be done remotely.

Recommendations For Pidgin versions prior to 2.5.6, update to version 2.5.6 or later to resolve the issue. For libpurple versions prior to 2.5.6, update to version 2.5.6 or later to resolve the issue. As a temporary workaround, consider disabling the MSN protocol handler until a patch is available.