Fluid Attacks Database

Description

Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	pidgin	<0:2.5.2-6.el5	0:2.5.2-6.el5
debian 11	pidgin	>=0 <2.4.3-1	2.4.3-1
debian 12	pidgin	>=0 <2.4.3-1	2.4.3-1
debian 13	pidgin	>=0 <2.4.3-1	2.4.3-1
debian 14	pidgin	>=0 <2.4.3-1	2.4.3-1

Aliases

1. CVE-2008-29552. NVD-2008-29553. OSV-2008-29554. OSV-DEBIAN-2008-29555. SECURITY-TRACKER-CVE-2008-2955

References

1. https://www.exploit-db.com/exploits/32749

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.