Launchpad CVE tracker

CVE 2009-1889

The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.

Related bugs and status

CVE-2009-1889 (Candidate) is related to these bugs:

Bug #393736: Update Pidgin to upstream 2.5.8 (fixes numerous issues)

Summary				In	Importance	Status
	393736	Update Pidgin to upstream 2.5.8 (fixes numerous issues)		pidgin (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securityfoc...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.vupen.com/e...
MISC: https://www.redhat.com...
MISC: https://www.redhat.com...
MISC: https://www.redhat.com...
MISC: https://bugzilla.redha...
MISC: http://www.redhat.com/...
MISC: http://www.ubuntu.com/...
MISC: http://pidgin.im/piper...
MISC: http://developer.pidgi...
MISC: https://oval.cisecurit...
MISC: https://exchange.xforc...

Launchpad.net

CVE 2009-1889

Related bugs and status

Related bugs

References