CVE-2009-3615

Published: 20 October 2009

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.

Priority

Status

Package	Release	Status
pidgin Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Released (1:2.4.1-1ubuntu2.8)
	intrepid	Released (1:2.5.2-0ubuntu1.6)
	jaunty	Released (1:2.5.5-1ubuntu8.5)
	karmic	Released (1:2.6.2-1ubuntu7.1)
	upstream	Released (2.6.3)
	Patches: upstream: http://developer.pidgin.im/viewmtn/revision/info/781682333aea0c801d280c3507ee25552a60bfc0

References

http://www.pidgin.im/news/security/?id=41
https://ubuntu.com/security/notices/USN-886-1
https://www.cve.org/CVERecord?id=CVE-2009-3615
NVD
Launchpad
Debian

Bugs

http://developer.pidgin.im/ticket/10481

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›