CVE-2008-2955

Pidgin 2.4.1 - Denial of Service via Long Filename in MSN Message


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2955. PoCs published by Juan Pablo Lopez Yacubian.

AI-analyzed exploit summary: This is a writeup describing a denial-of-service vulnerability in Pidgin 2.4.1. The issue arises from improper input sanitization when processing filenames with specific hex data, causing the application to crash.

Description

Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Juan Pablo Lopez Yacubian · text · dos · linux
https://www.exploit-db.com/exploits/32749


Classification: Writeup 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Pidgin 2.4.1
No auth needed
Prerequisites: Ability to send a maliciously crafted filename to a Pidgin user
devstral-2 · analyzed Feb 16, 2026

References (13)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1947
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3966
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18050
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:025
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29985
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33102
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/493682/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-675-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32859
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10131
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30881
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-1023.html

Scores

EPSS 0.0726
EPSS Percentile 93.5%

Details

CWE CWE-20
Status published
Products (1)
pidgin/pidgin 2.4.1
Published Jul 01, 2008
Tracked Since Feb 18, 2026