Comment 4 for bug 416306

Core Security Technologies reported that previous upstream fixes addressing insufficient input validation flaw in pidgin / libpurple in function msn_slplink_process_msg() are inefficient and can be bypassed. This flaw allows an attacker to overwrite pidgin's memory and possibly execute arbitrary code with the privileges of the user running application using libpurple.

This issue was previously tracked as CVE-2008-2927 (bug #453764) and CVE-2009-1376 (bug #500493, incomplete fix).