OVAL Reference oval:org.mitre.oval:def:28262 - CERT Civis.Net
Oval Definition: oval:org.mitre.oval:def:28262
Revision Date: 2015-03-09
Version: 6
Title: USN-2390-1 -- Pidgin vulnerabilities
Description:
Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly handled certificate validation. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3694)
Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled certain malformed MXit emoticons. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2014-3695)
Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled certain malformed Groupwise messages. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2014-3696)
Thijs Alkemade and Paul Aurich discovered that Pidgin incorrectly handled memory when processing XMPP messages. A malicious remote server or user could use this issue to cause Pidgin to disclose arbitrary memory, resulting in an information leak. (CVE-2014-3698)
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2014-3694
CVE-2014-3695
CVE-2014-3696
CVE-2014-3698
USN-2390-1
Platform(s): Ubuntu 12.04
Ubuntu 14.04
Ubuntu 14.10
Product(s): pidgin
Definition Synopsis
  • Ubuntu 14.10 release section
    • Ubuntu 14.10 is installed
    • AND Packages match section
      • pidgin is earlier than 1:2.10.9-0ubuntu7.1
      • OR libpurple0 is earlier than 1:2.10.9-0ubuntu7.1
  • Ubuntu 14.04 release section
    • Ubuntu 14.04 is installed
    • AND Packages match section
      • pidgin is earlier than 1:2.10.9-0ubuntu3.2
      • OR libpurple0 is earlier than 1:2.10.9-0ubuntu3.2
  • Ubuntu 12.04 release section
    • Ubuntu 12.04 is installed
    • AND Packages match section
      • pidgin is earlier than 1:2.10.3-0ubuntu1.6
      • OR libpurple0 is earlier than 1:2.10.3-0ubuntu1.6