QwikSec

Security Database

CVE

CWE

Training

CVE-2016-2367

Published: Jan 6, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.

Vendor	Product	Versions
Pidgin	Pidgin	affected `2.10.11`

References

vdb-entry

x_refsource_BID

http://www.pidgin.im/news/security/?id=100

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_UBUNTU

http://www.talosintelligence.com/reports/TALOS-2016-0135/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.