KLA10448
Multiple Pidgin vulnerabilities
Updated: 06/17/2019
Detect date
10/22/2014
Severity
High
Description

Multiple serious vulnerabilities have been found in Pidgin. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information and write local files.

Below is a complete list of vulnerabilities:

  1. Vectors related to the Jabber protocol can be exploited remotely via a specially crafted XMPP message;
  2. Improper SSL handling can be exploited remotely via a specially crafted certificate;
  3. Vectors related to the MXit protocol can be exploited remotely via a specially crafted certificate;
  4. Vectors related to the Novell GroupWise protocol can be exploited remotely via a specially crafted server message;
  5. A path traversal vulnerability can be exploited remotely via a specially crafted smiley theme.

Affected products

Pidgin versions earlier than 2.10.10

Solution

Update to the latest version
Get Pidgin

Impacts

OSI
DoS
WLF

CVE-IDS

CVE-2014-3695 5.0 Critical
CVE-2014-3694 6.4 High
CVE-2014-3698 5.0 Critical
CVE-2014-3697 6.4 High
CVE-2014-3696 5.0 Critical