CVE-2008-2956

Name	CVE-2008-2956
Description	Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details."
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	488632

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
pidgin (PTS)	bullseye	2.14.1-1	vulnerable
	bookworm	2.14.12-1	vulnerable
	sid, trixie	2.14.13-2	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
pidgin	source	(unstable)	(unfixed)	unimportant		488632

Non-issue per analysis of Pidgin upstream developers, should be rejected