Pidgin: Multiple vulnerabilities

Pidgin: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Pidgin, allowing for remote arbitrary code execution, Denial of Service and service spoofing. pidgin January 20, 2009 January 20, 2009: 01 230045 234135 remote 2.5.1 2.5.1

Pidgin (formerly Gaim) is an instant messaging client for a variety of instant messaging protocols. It is based on the libpurple instant messaging library.

Multiple vulnerabilities have been discovered in Pidgin and the libpurple library:

A participant to the TippingPoint ZDI reported multiple integer overflows in the msn_slplink_process_msg() function in the MSN protocol imp
Pidgin: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Pidgin, allowing for remote arbitrary code execution, Denial of Service and service spoofing. pidgin January 20, 2009 January 20, 2009: 01 230045 234135 remote 2.5.1 2.5.1
Pidgin (formerly Gaim) is an instant messaging client for a variety of instant messaging protocols. It is based on the libpurple instant messaging library.
Multiple vulnerabilities have been discovered in Pidgin and the libpurple library:
- A participant to the TippingPoint ZDI reported multiple integer overflows in the msn_slplink_process_msg() function in the MSN protocol implementation (CVE-2008-2927).
- Juan Pablo Lopez Yacubian is credited for reporting a use-after-free flaw in msn_slplink_process_msg() in the MSN protocol implementation (CVE-2008-2955).
- The included UPnP server does not limit the size of data to be downloaded for UPnP service discovery, according to a report by Andrew Hunt and Christian Grothoff (CVE-2008-2957).
- Josh Triplett discovered that the NSS plugin for libpurple does not properly verify SSL certificates (CVE-2008-3532).
A remote attacker could send specially crafted messages or files using the MSN protocol which could result