rpm package
suse/pidgin&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/pidgin&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-2640 | Hig | 7.5 | < 2.6.6-0.30.3.1 | 2.6.6-0.30.3.1 | Jul 27, 2018 | An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process. | |
| CVE-2016-2373 | Med | 5.9 | < 2.6.6-0.29.1 | 2.6.6-0.29.1 | Jan 6, 2017 | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability. | |
| CVE-2016-2372 | Med | 5.9 | < 2.6.6-0.29.1 | 2.6.6-0.29.1 | Jan 6, 2017 | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which | |
| CVE-2016-2371 | Hig | 8.1 | < 2.6.6-0.29.1 | 2.6.6-0.29.1 | Jan 6, 2017 | An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution. | |
| CVE-2016-2370 | Med | 5.9 | < 2.6.6-0.29.1 | 2.6.6-0.29.1 | Jan 6, 2017 | A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vuln | |
| CVE-2016-2367 | Med | 5.9 | < 2.6.6-0.29.1 | 2.6.6-0.29.1 | Jan 6, 2017 | An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger a |
- affected < 2.6.6-0.30.3.1fixed 2.6.6-0.30.3.1
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
- affected < 2.6.6-0.29.1fixed 2.6.6-0.29.1
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.
- affected < 2.6.6-0.29.1fixed 2.6.6-0.29.1
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which
- affected < 2.6.6-0.29.1fixed 2.6.6-0.29.1
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
- affected < 2.6.6-0.29.1fixed 2.6.6-0.29.1
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vuln
- affected < 2.6.6-0.29.1fixed 2.6.6-0.29.1
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger a