Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pidgin
(Pidgin)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 86 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-01-06 | CVE-2016-4323 | A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability. | Ubuntu_linux, Debian_linux, Pidgin | 3.7 | ||
| 2017-01-06 | CVE-2016-2380 | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read. | Ubuntu_linux, Debian_linux, Pidgin | 3.1 | ||
| 2017-01-06 | CVE-2016-2378 | A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability. | Ubuntu_linux, Debian_linux, Pidgin | 8.1 | ||
| 2017-01-06 | CVE-2016-2377 | A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability. | Ubuntu_linux, Debian_linux, Pidgin | 8.1 | ||
| 2017-01-06 | CVE-2016-2376 | A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow. | Ubuntu_linux, Debian_linux, Pidgin | 8.1 | ||
| 2017-01-06 | CVE-2016-2375 | An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure. | Ubuntu_linux, Debian_linux, Pidgin | 5.3 | ||
| 2017-01-06 | CVE-2016-2374 | An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution. | Ubuntu_linux, Debian_linux, Pidgin | 8.1 | ||
| 2017-01-06 | CVE-2016-2373 | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability. | Ubuntu_linux, Debian_linux, Pidgin | 5.9 | ||
| 2017-01-06 | CVE-2016-2372 | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. | Ubuntu_linux, Debian_linux, Pidgin | 5.9 | ||
| 2017-01-06 | CVE-2016-2371 | An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution. | Ubuntu_linux, Debian_linux, Pidgin | 8.1 |