source: http://www.securityfocus.com/bid/33414/info Pidgin is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will cause the affected application to crash, effectively denying service to legitimate users. Pidgin 2.4.1 is vulnerable; other versions may also be affected. NOTE: This issue was previously thought to be a subset of the vulnerability documented in BID 29956 (Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities), but has been given its own record to properly document the vulnerability. Sending a filename that contains the maximum number of allowable characters and that includes the characters defined by the hex data below will crash the application. '26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85'
Related ExploitsTrying to match CVEs (1): CVE-2008-2955
Trying to match OSVDBs (1): 46576
Other Possible E-DB Search Terms: Pidgin 2.4.2, Pidgin
|2009-09-09||9615||Pidgin MSN 2.5.8 - Remote Code Execution||Pierre Nogues|
|2010-01-19||11203||Pidgin MSN 2.6.4 - File Download||Mathieu GASPARD|