CVE-2017-2640
Description
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.952
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| graphical multi-protocol instant messaging client for X (USN-3031-1) libpurple0_2.10.3-0ubuntu1.8_i386.deb | Linux |
| graphical multi-protocol instant messaging client for X (USN-3031-1) libpurple0_2.10.3-0ubuntu1.8_amd64.deb | Linux |
| graphical multi-protocol instant messaging client for X (USN-3031-1) libpurple0_2.10.9-0ubuntu3.4_i386.deb | Linux |
| graphical multi-protocol instant messaging client for X (USN-3031-1) libpurple0_2.10.9-0ubuntu3.4_amd64.deb | Linux |
| graphical multi-protocol instant messaging client for X (USN-3231-1) libpurple0_2.10.3-0ubuntu1.8_i386.deb | Linux |
| graphical multi-protocol instant messaging client for X (USN-3231-1) libpurple0_2.10.3-0ubuntu1.8_amd64.deb | Linux |
| graphical multi-protocol instant messaging client for X (USN-3231-1) libpurple0_2.10.9-0ubuntu3.4_i386.deb | Linux |
| graphical multi-protocol instant messaging client for X (USN-3231-1) libpurple0_2.10.9-0ubuntu3.4_amd64.deb | Linux |
| pidgin security update (DSA-3806-1) pidgin_2.11.0-0+deb8u2_kfreebsd-i386.deb | Linux |
| pidgin security update (DSA-3806-1) pidgin_2.11.0-0+deb8u2_kfreebsd-amd64.deb | Linux |
| (RHSA-2017:1854) Moderate: security, bug fix, and enhancement update pidgin-debuginfo-2.10.11-5.el7.i686.rpm | Linux |
| (RHSA-2017:1854) Moderate: security, bug fix, and enhancement update pidgin-debuginfo-2.10.11-5.el7.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234