PT-2016-5137 · Pidgin+3 · Pidgin+3

Yves Younan

·

Published

2016-06-23

·

Updated

2025-04-20

·

CVE-2016-2367

CVSS v3.1

5.9

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Pidgin (affected versions not specified)
Description An information leak exists in the handling of the MXIT protocol. Specially crafted MXIT data sent via the server could result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar, triggering an out-of-bounds read. This could result in a denial of service or copy data from memory to the file, leading to an information leak if the avatar is sent to another user.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Information Disclosure

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-125

Related Identifiers

ALT-PU-2016-1727
CVE-2016-2367
DLA-542-1
DSA-3620-1
MGASA-2016-0236
SUSE-SU-2016:2416-1
SUSE-SU-2016_2416-1
USN-3031-1

Affected Products

Alt Linux
Pidgin
Suse
Ubuntu