CVE-2009-1375: Buffer Overflow
First published: Tue May 12 2009(Updated: )
A flaw was found in the way Pidgin's PurpleCircBuffer object is expanded. If the buffer is full when more data arrives, it results in corruption of the data stored in the buffer. This corrupt data could possibly result in confusing or misleading data being presented to the user, or possibly crash Pidgin.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pidgin | =2.1.0 | |
| Pidgin | =2.5.2 | |
| Pidgin | =2.5.1 | |
| Pidgin | =2.0.1 | |
| Pidgin | =2.4.2 | |
| Pidgin | =2.5.4 | |
| Pidgin | =2.2.2 | |
| Pidgin | =2.1.1 | |
| Pidgin | =2.3.1 | |
| Pidgin | =2.4.3 | |
| Pidgin | =2.0.0 | |
| Pidgin | =2.0.2 | |
| Pidgin | =2.0.2 | |
| Pidgin | =2.3.0 | |
| Pidgin | =2.4.1 | |
| Pidgin | =2.4.0 | |
| Pidgin | <=2.5.5 | |
| Pidgin | =2.5.0 | |
| Pidgin | =2.2.0 | |
| Pidgin | =2.2.1 | |
| Pidgin | =2.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.pidgin.im/news/security/?id=31
- http://www.redhat.com/support/errata/RHSA-2009-1060.html
- https://bugzilla.redhat.com/show_bug.cgi?id=500491
- http://www.securityfocus.com/bid/35067
- http://secunia.com/advisories/35194
- http://secunia.com/advisories/35202
- http://secunia.com/advisories/35188
- http://www.vupen.com/english/advisories/2009/1396
- http://secunia.com/advisories/35215
- http://debian.org/security/2009/dsa-1805
- http://osvdb.org/54649
- http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
- http://www.ubuntu.com/usn/USN-781-1
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
- http://secunia.com/advisories/35294
- http://secunia.com/advisories/35329
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50683
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829
- http://www.pidgin.im/news/security//?id=31
- https://rhn.redhat.com/errata/RHSA-2009-1060.html
- http://admin.fedoraproject.org/updates/pidgin-2.5.6-1.fc9
- http://rhn.redhat.com/errata/RHSA-2009-1060.html
- https://admin.fedoraproject.org/updates/F10/FEDORA-2009-5597
- https://admin.fedoraproject.org/updates/F11/FEDORA-2009-5583
- https://admin.fedoraproject.org/updates/F9/FEDORA-2009-5552
Frequently Asked Questions
What is the severity of CVE-2009-1375?
CVE-2009-1375 is classified as a medium severity vulnerability.
How do I fix CVE-2009-1375?
To fix CVE-2009-1375, upgrade Pidgin to version 2.5.5 or later.
Which versions of Pidgin are affected by CVE-2009-1375?
CVE-2009-1375 affects Pidgin versions 2.0.0 through 2.5.4.
What type of vulnerability is CVE-2009-1375?
CVE-2009-1375 is a buffer overflow vulnerability affecting the PurpleCircBuffer object in Pidgin.
What are the potential impacts of CVE-2009-1375?
The potential impacts of CVE-2009-1375 include data corruption and application crashes in Pidgin.
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-1375
- agent/trending
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/pidgin
- canonical/pidgin
- version/pidgin/2.1.0
- version/pidgin/2.5.2
- version/pidgin/2.5.1
- version/pidgin/2.0.1
- version/pidgin/2.4.2
- version/pidgin/2.5.4
- version/pidgin/2.2.2
- version/pidgin/2.1.1
- version/pidgin/2.3.1
- version/pidgin/2.4.3
- version/pidgin/2.0.0
- version/pidgin/2.0.2
- version/pidgin/2.3.0
- version/pidgin/2.4.1
- version/pidgin/2.4.0
- version/pidgin/2.5.5
- version/pidgin/2.5.0
- version/pidgin/2.2.0
- version/pidgin/2.2.1
- version/pidgin/2.5.3