VYPR

rpm package

suse/pidgin&distro=SUSE Linux Enterprise Software Development Kit 11 SP4

pkg:rpm/suse/pidgin&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Vulnerabilities (6)

  • CVE-2017-2640HigJul 27, 2018
    affected < 2.6.6-0.30.3.1fixed 2.6.6-0.30.3.1

    An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

  • CVE-2016-2373MedJan 6, 2017
    affected < 2.6.6-0.29.1fixed 2.6.6-0.29.1

    A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.

  • CVE-2016-2372MedJan 6, 2017
    affected < 2.6.6-0.29.1fixed 2.6.6-0.29.1

    An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which

  • CVE-2016-2371HigJan 6, 2017
    affected < 2.6.6-0.29.1fixed 2.6.6-0.29.1

    An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.

  • CVE-2016-2370MedJan 6, 2017
    affected < 2.6.6-0.29.1fixed 2.6.6-0.29.1

    A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vuln

  • CVE-2016-2367MedJan 6, 2017
    affected < 2.6.6-0.29.1fixed 2.6.6-0.29.1

    An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger a