The host is installed with Pidgin before 2.5.6 and is prone to buffer overflow vulnerability. The flaw is present in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c, which fails to handle a malformed SLP message with a crafted offset value. Successful exploitation could allow remote attackers to execute arbitrary code.