Unrated severityNVD Advisory· Published Aug 21, 2009· Updated Apr 23, 2026
CVE-2009-2694
CVE-2009-2694
Description
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Affected products
29cpe:2.3:a:adium:adium:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:adium:adium:*:*:*:*:*:*:*:*range: <=1.3.5
- cpe:2.3:a:adium:adium:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:adium:adium:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:adium:adium:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adium:adium:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adium:adium:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:adium:adium:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*+ 21 more
- cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*range: <=2.5.8
- cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
19- developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0envdPatch
- www.debian.org/security/2009/dsa-1870nvdPatch
- www.coresecurity.com/content/libpurple-arbitrary-writenvdExploit
- secunia.com/advisories/36384nvdVendor Advisory
- secunia.com/advisories/36392nvdVendor Advisory
- secunia.com/advisories/36401nvdVendor Advisory
- www.pidgin.im/news/security/nvdVendor Advisory
- www.vupen.com/english/advisories/2009/2303nvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2009-1218.htmlnvdVendor Advisory
- developer.pidgin.im/wiki/ChangeLognvd
- secunia.com/advisories/36402nvd
- secunia.com/advisories/36708nvd
- secunia.com/advisories/37071nvd
- sunsolve.sun.com/search/document.donvd
- www.exploit-db.com/exploits/9615nvd
- www.vupen.com/english/advisories/2009/2663nvd
- bugzilla.redhat.com/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320nvd
News mentions
0No linked articles in our index yet.