CVE-2009-1373

Name: CVE-2009-1373
Description: Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-1805-1
NVD severity: high

Vulnerable and fixed packages

The table below lists information on source packages.

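| Source Package | Release | Version | Status |
|---|---|---|---|
| pidgin (PTS) | stretch | 2.12.0-1 | fixed |
| pidgin | buster | 2.13.0-2 | fixed |
| pidgin | bullseye | 2.14.1-1 | fixed |
| pidgin | bookworm | 2.14.7-2 | fixed |
| pidgin | sid | 2.14.8-1 | fixed |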

The information below is based on the following data on fixed versions.

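| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gaim | source | lenny | (not affected) | | | |
| gaim | source | (unstable) | (unfixed) | | | |
| pidgin | source | lenny | 2.4.3-4lenny2 | | DSA-1805-1 | |
| pidgin | source | (unstable) | 2.5.6-1 | | | |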

Notes

[lenny] - gaim <not-affected> (Only a transitional package)
