| Summary | MSN malformed SLP message overflow |
|---|---|
| Date | 2008-07-01 |
| CVE Number | CVE-2008-2927 |
| Discovered By | Anonymous (via TippingPoint's Zero Day Initiative) |
| Fixed In Release | 2.4.3 |
Multiple integer overflows in the msn_slplink_process_msg functions in the
MSN protocol handler in libpurple allow remote attackers to execute arbitrary
code via a malformed SLP message.
The affected function has been patched to fix the vulnerability.