CVE-2016-4323

Summary

A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability.

Affected Software

VendorProductVersion RangeStatus
PidginPidgin2.10.11affected

Weaknesses

  • directory traversal

ADP Enrichment

CVE Program Container

Additional References

References