Out-of-Bounds Write Vulnerability in Pidgin by Pidgin Developers
CVE-2017-2640

7.5HIGH

Key Information:

Vendor

Pidgin

Status
Pidgin
Vendor
CVE Published:
27 July 2018

What is CVE-2017-2640?

An out-of-bounds write vulnerability exists in the way Pidgin processes XML content prior to version 2.12.0. This flaw allows a malicious remote server to potentially exploit the vulnerability, leading to crashes of the Pidgin application or the execution of arbitrary code within the context of the Pidgin process. It is crucial for users to upgrade to the latest version to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

pidgin 2.12.0

References

https://security.gentoo.org/glsa/201706-10
vendor-advisoryx_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:1854
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/96775
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.