CVE-2017-2640

Impact:
Moderate
Public Date:
2017-03-10
IAVA:
2017-B-0029
CWE:
CWE-787
Bugzilla:
1430019: CVE-2017-2640 pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML
An out-of-bounds write flaw was found in the way Pidgin processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

Find out more about CVE-2017-2640 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 7.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (pidgin) RHSA-2017:1854 2017-08-01

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 pidgin Will not fix
Red Hat Enterprise Linux 5 pidgin Will not fix

Acknowledgements

Red Hat would like to thank the Pidgin project for reporting this issue.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.