CVE-2008-2927

Description

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.

Software From Fixed in
pidgin / pidgin - 2.4.2.x
pidgin / pidgin 2.0.0 2.0.0.x
pidgin / pidgin 2.0.1 2.0.1.x
pidgin / pidgin 2.0.2 2.0.2.x
pidgin / pidgin 2.1.0 2.1.0.x
pidgin / pidgin 2.1.1 2.1.1.x
pidgin / pidgin 2.2.0 2.2.0.x
pidgin / pidgin 2.2.1 2.2.1.x
pidgin / pidgin 2.2.2 2.2.2.x
pidgin / pidgin 2.3.0 2.3.0.x
pidgin / pidgin 2.3.1 2.3.1.x
pidgin / pidgin 2.4.0 2.4.0.x
pidgin / pidgin 2.4.1 2.4.1.x
adium / adium - 1.2.7.x
adium / adium 1.0 1.0.x
adium / adium 1.0.1 1.0.1.x
adium / adium 1.0.2 1.0.2.x
adium / adium 1.0.3 1.0.3.x
adium / adium 1.0.4 1.0.4.x
adium / adium 1.0.5 1.0.5.x
adium / adium 1.1 1.1.x
adium / adium 1.1.1 1.1.1.x
adium / adium 1.1.2 1.1.2.x
adium / adium 1.1.3 1.1.3.x
adium / adium 1.1.4 1.1.4.x