CVE-2016-2380

CVE Database · CVE-2016-2380

CVE-2016-2380

· N/AModified

CVSS v3.1

N/A

EPSS

1.75%

Published

Jan 6, 2017

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read.

Weaknesses (CWE)

CWE-125CWE-200

Affected Products (5)

pidgin · pidginvulnerable

canonical · ubuntu_linuxvulnerable

debian · debian_linuxvulnerable

References (12)

http://www.debian.org/security/2016/dsa-3620

Third Party Advisory

http://www.pidgin.im/news/security/?id=96

PatchVendor Advisory

http://www.securityfocus.com/bid/91335