Computer Security
[EN] securityvulns.ru no-pyccku


Rhythmbox media player buffer overflow
Published:26.06.2008
Source:
SecurityVulns ID:9113
Type:client
Threat Level:
6/10
Description:Buffer overflow on .pls files parsing.
Affected:RHYTHMBOX : Rhythmbox 0.11
Original documentdocumentjplopezy_(at)_gmail.com, Rhythmbox Vulnerability (26.06.2008)

Gnome / Evolution HTML parsing memory corruption
Published:26.06.2008
Source:
SecurityVulns ID:9115
Type:library
Threat Level:
6/10
Description:Memory corruption on HTML parsing, including HTML messages in Evolution.
Affected:GNOME : libgtkhtml 3.14
 EVOLUTION : Evolution 2.22
Original documentdocumentjplopezy_(at)_gmail.com, Evolution Vulnerability (26.06.2008)

Pidgin memory corruption
updated since 26.06.2008
Published:26.05.2009
Source:
SecurityVulns ID:9114
Type:remote
Threat Level:
6/10
Description:Memory corruption on malcrafted filename in MSN protocol. Buffer overflow on Jabber file transfer. Buffer overflow in QQ protocol.
Affected:PIDGIN : Pidgin 2.4
CVE:CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.)
 CVE-2009-1375 (The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.)
 CVE-2009-1374 (Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.)
 CVE-2009-1373 (Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.)
Original documentdocumentGENTOO, [ GLSA 200905-07 ] Pidgin: Multiple vulnerabilities (26.05.2009)
 documentDEBIAN, [SECURITY] [DSA 1805-1] New pidgin packages fix several vulnerabilities (25.05.2009)
 documentjplopezy_(at)_gmail.com, Pidgin 2.4.1 Vulnerability (26.06.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod