CVE-2009-3615
pidgin - arbitrary code execution
EPSS 8.4%
Description
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.
How to fix CVE-2009-3615
To remediate CVE-2009-3615, upgrade the affected package to a fixed version listed below.
- Debian/pidgin—upgrade to 2.6.3-1 or later
- Debian/pidgin—upgrade to 2.4.3-4lenny5 or later
Is CVE-2009-3615 being exploited?
Moderate — EPSS is 8.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2.6.3-1
- from 0, < 2.4.3-4lenny5