Debian Security Advisory 1870-1 - Federico Muttis discovered that libpurple, the shared library that adds support for various instant messaging networks to the pidgin IM client, is vulnerable to a heap-based buffer overflow. This issue exists because of an incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can exploit this by sending two consecutive SLP packets to a victim via MSN.
11ac33561f3bbbffca98ffd632e07b2283b4a9f19e94b23a9c98eb2ca8256b2e