CVE-2017-2640Out-of-bounds Write in Pidgin

CWE-787Out-of-bounds Write10 documents8 sources
Severity
9.8CRITICALNVD
CNA7.5
EPSS
0.7%
top 27.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
PidginDebian LinuxRedhat Enterprise Linux Desktop+4 more
Timeline
PublishedJul 27
Latest updateMay 13

Description

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

NVDpidgin/pidgin< 2.12.0
Debianpidgin/pidgin< 2.12.0-1+3
CVEListV5pidgin/pidgin2.12.0

Also affects: Debian Linux 8.0, Enterprise Linux 7.4, 7.5

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-556c-qpr9-626c: An out-of-bounds write flaw was found in the way Pidgin before 22022-05-13
OSV
CVE-2017-2640: An out-of-bounds write flaw was found in the way Pidgin before 22018-07-27
CVEList
CVE-2017-2640: An out-of-bounds write flaw was found in the way Pidgin before 22018-07-27

📋Vendor Advisories

3
Ubuntu
Pidgin vulnerability2017-03-14
Red Hat
pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML2017-03-10
Debian
CVE-2017-2640: pidgin - An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed ...2017

💬Community

3
Bugzilla
CVE-2017-2640 pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML [fedora-all]2017-03-10
Bugzilla
CVE-2017-2640 pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML2017-03-07
Bugzilla
CVE-2016-10094 libtiff: Off-by-one error in t2p_readwrite_pdf_image_tile() causing heap buffer overflow2017-01-04
CVE-2017-2640 — Out-of-bounds Write in Pidgin | cvebase