Debian CVE-2016-2371

Title:

PIDGIN MXIT EXTENDED PROFILES CODE EXECUTION VULNERABILITY

CVE ID:

CVE-2016-2371

Description:

The MITRE CVE dictionary describes this issue as:

An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.

Find out more about CVE-2016-2371 from the MITRE CVE dictionary

and NIST NVD.

CVSS SCORE:

8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Mitigation:

debian-linux-upgrade-pidgin

External References:


http://www.talosintel.com/reports/TALOS-2016-0139/
http://www.pidgin.im/news/security/?id=104
https://access.redhat.com/security/cve/cve-2016-2371
https://www.rapid7.com/db/vulnerabilities/debian-cve-2016-2371

Share This:
Facebooktwittergoogle_plusredditpinterestlinkedintumblr