CVE		CVE-2009-1376
Статус		UNKNOWN
Описание		Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows.  NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
Важность		High
CVSS score		9,3
CVSS vector		(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Phase		ASSIGNED (14.09.2011)
NVD:		http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1376
References		BID : 35067
		CONFIRM : http://www.pidgin.im/news/security/?id=32
		CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=500493
		DEBIAN : DSA-1805
		FEDORA : FEDORA-2009-5552
		FEDORA : FEDORA-2009-5583
		FEDORA : FEDORA-2009-5597
		GENTOO : GLSA-200905-07
		MANDRIVA : MDVSA-2009:140
		MANDRIVA : MDVSA-2009:173
		OVAL : oval:org.mitre.oval:def:10476
		REDHAT : RHSA-2009:1059
		REDHAT : RHSA-2009:1060
		SECUNIA : 35188
		SECUNIA : 35194
		SECUNIA : 35202
		SECUNIA : 35215
		SECUNIA : 35294
		SECUNIA : 35329
		SECUNIA : 35330
		UBUNTU : USN-781-1
		UBUNTU : USN-781-2
		VUPEN : ADV-2009-1396
		XF : pidgin-msn-slp-bo(50680)
SecurityVulns:		Повреждение памяти в Pidgin
		Переполнение буфера в библиотеке libpurple / Pidgin