cpe:/a:pidgin:libpurple:2.6.0 cpe:/a:pidgin:libpurple:2.6.1 cpe:/a:pidgin:pidgin:2.0.0 cpe:/a:pidgin:pidgin:2.0.1 cpe:/a:pidgin:pidgin:2.0.2 cpe:/a:pidgin:pidgin:2.0.2::linux cpe:/a:pidgin:pidgin:2.1.0 cpe:/a:pidgin:pidgin:2.1.1 cpe:/a:pidgin:pidgin:2.2.0 cpe:/a:pidgin:pidgin:2.2.1 cpe:/a:pidgin:pidgin:2.2.2 cpe:/a:pidgin:pidgin:2.3.0 cpe:/a:pidgin:pidgin:2.3.1 cpe:/a:pidgin:pidgin:2.4.0 cpe:/a:pidgin:pidgin:2.4.0:32_bit cpe:/a:pidgin:pidgin:2.4.1 cpe:/a:pidgin:pidgin:2.4.1:32_bit cpe:/a:pidgin:pidgin:2.4.2 cpe:/a:pidgin:pidgin:2.4.2:32_bit cpe:/a:pidgin:pidgin:2.4.3 cpe:/a:pidgin:pidgin:2.4.3:32_bit cpe:/a:pidgin:pidgin:2.5.0 cpe:/a:pidgin:pidgin:2.5.0:32_bit cpe:/a:pidgin:pidgin:2.5.1 cpe:/a:pidgin:pidgin:2.5.2 cpe:/a:pidgin:pidgin:2.5.2:32_bit cpe:/a:pidgin:pidgin:2.5.3 cpe:/a:pidgin:pidgin:2.5.3:32_bit cpe:/a:pidgin:pidgin:2.5.4 cpe:/a:pidgin:pidgin:2.5.4:32_bit cpe:/a:pidgin:pidgin:2.5.5 cpe:/a:pidgin:pidgin:2.5.5:32_bit cpe:/a:pidgin:pidgin:2.5.6 cpe:/a:pidgin:pidgin:2.5.7 cpe:/a:pidgin:pidgin:2.5.8 cpe:/a:pidgin:pidgin:2.5.9 cpe:/a:pidgin:pidgin:2.6.0 cpe:/a:pidgin:pidgin:2.6.1 CVE-2009-3084 2009-09-08T14:30:00.377-04:00 2017-09-18T21:29:27.657-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2009-09-09T09:57:00.000-04:00 BID 36277 SECUNIA 36601 CONFIRM http://developer.pidgin.im/viewmtn/revision/diff/92ce3e48744b40fb0fea89e3de5e44bedb100c07/with/567e16cbc46168f52482e5ec27626c48e7a5ba95/libpurple/protocols/msn/slpcall.c CONFIRM http://developer.pidgin.im/viewmtn/revision/info/567e16cbc46168f52482e5ec27626c48e7a5ba95 CONFIRM http://www.pidgin.im/news/security/index.php?id=38 The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.