VYPR
Unrated severityNVD Advisory· Published May 26, 2009· Updated Jun 16, 2026

CVE-2009-1376

CVE-2009-1376

Description

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*range: <=2.5.5
    • cpe:2.3:a:pidgin:pidgin:2.4.0:32_bit:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.4.1:32_bit:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.4.2:32_bit:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.4.3:32_bit:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.0:32_bit:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.2:32_bit:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:*:*:*:*:*:*
    • cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:*:*:*:*:*:*
    • (no CPE)range: <2.5.6

Patches

Vulnerability mechanics

References

26

News mentions

0

No linked articles in our index yet.