PT-2009-1065 · Pidgin+2 · Libpurple+3
Published 2009-10-20 · Updated 2017-09-19 · CVE-2009-3615
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
libpurple versions 2.6.3 and earlier
Pidgin versions prior to 2.6.3
Adium versions prior to 1.3.7
Description
The issue allows remote attackers to cause a denial of service, disrupting the availability of protected information, through crafted contact-list data for ICQ and possibly AIM. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations
For libpurple version 2.6.3, update to a version later than 2.6.3 to resolve the issue.
For Pidgin versions prior to 2.6.3, update to version 2.6.3 or later.
For Adium versions prior to 1.3.7, update to version 1.3.7 or later.
As a temporary workaround, consider restricting the use of the OSCAR protocol plugin in libpurple until a patch is available.
Fix
DoS
Affected Products
Adium
Pidgin
Red Hat
Libpurple