Summary Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability
Date 2016-06-21
CVE Number CVE-2016-2372
Talos Report ID TALOS-2016-0140
Discovered By Yves Younan of Cisco Talos
Fixed In Release 2.11.0


A malicious user, server, or man-in-the-middle could trigger a crash or unexpected writing of data from memory to file.


Various changes to the chunk decoding.

Looking to reach us via XMPP? Check out the new PidginChat service!