Debian Security Advisory 1870 pidgin – insufficient input validation

Article Source Debian Security Advisories
August 18, 2009, 5:00 pm

Federico Muttis discovered that libpurple, the shared library that adds support for various instant messaging networks to the pidgin IM client, is vulnerable to a heap-based buffer overflow. This issue exists because of an incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can exploit this by sending two consecutive SLP packets to a victim via MSN…

Read More