Vulnerability Description
An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.
CVSS Score
5.3
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pidgin | Pidgin | <= 2.10.12 |
| Canonical | Ubuntu Linux | 12.04 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2016/dsa-3620Third Party Advisory
- http://www.pidgin.im/news/security/?id=108PatchVendor Advisory
- http://www.securityfocus.com/bid/91335Third Party AdvisoryVDB Entry
- http://www.talosintelligence.com/reports/TALOS-2016-0143/Technical DescriptionThird Party Advisory
- http://www.ubuntu.com/usn/USN-3031-1Third Party Advisory
- https://security.gentoo.org/glsa/201701-38
- http://www.debian.org/security/2016/dsa-3620Third Party Advisory
- http://www.pidgin.im/news/security/?id=108PatchVendor Advisory
- http://www.securityfocus.com/bid/91335Third Party AdvisoryVDB Entry
- http://www.talosintelligence.com/reports/TALOS-2016-0143/Technical DescriptionThird Party Advisory
- http://www.ubuntu.com/usn/USN-3031-1Third Party Advisory
- https://security.gentoo.org/glsa/201701-38
FAQ
What is CVE-2016-2375?
CVE-2016-2375 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.
How severe is CVE-2016-2375?
CVE-2016-2375 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2375?
Check the references section above for vendor advisories and patch information. Affected products include: Pidgin Pidgin, Canonical Ubuntu Linux, Debian Debian Linux.