Launchpad CVE tracker

CVE 2009-1375

The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.

Related bugs and status

CVE-2009-1375 (Candidate) is related to these bugs:

Bug #382644: Security Vulnerabilities in Pidgin 2.5.5

Summary				In	Importance	Status
	382644	Security Vulnerabilities in Pidgin 2.5.5		pidgin (Ubuntu)	Undecided	Fix Released

Bug #383335: Please update pidgin to fix security vulnerabilities

Summary				In	Importance	Status
	383335	Please update pidgin to fix security vulnerabilities		The Dell Mini Project	Undecided	Confirmed

Bug #384222: Various security issues fixed in pidgin 2.5.6

		In	Importance	Status
384222	Various security issues fixed in pidgin 2.5.6	pidgin (Ubuntu)	Low	Fix Released
384222	Various security issues fixed in pidgin 2.5.6	pidgin (Ubuntu Hardy)	Undecided	Fix Released
384222	Various security issues fixed in pidgin 2.5.6	pidgin (Ubuntu Intrepid)	Undecided	Fix Released
384222	Various security issues fixed in pidgin 2.5.6	pidgin (Ubuntu Jaunty)	Undecided	Fix Released
384222	Various security issues fixed in pidgin 2.5.6	pidgin (Ubuntu Karmic)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-1375

References