High severity8.1NVD Advisory· Published Jan 6, 2017· Updated May 6, 2026

CVE-2016-2374

Description

An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.

Affected products

Pidgin (software)/Pidgin2 versions
cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*range: <=2.10.12
- (no CPE)range: 2.10.11
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.pidgin.im/news/security/nvdPatchVendor Advisory
www.debian.org/security/2016/dsa-3620nvdThird Party Advisory
www.securityfocus.com/bid/91335nvdThird Party AdvisoryVDB Entry
www.talosintelligence.com/reports/TALOS-2016-0142/nvdTechnical DescriptionThird Party Advisory
www.ubuntu.com/usn/USN-3031-1nvdThird Party Advisory
security.gentoo.org/glsa/201701-38nvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000