Bugzilla – Bug 991706
VUL-0: CVE-2016-4323: pidgin: MXIT Splash Image Arbitrary File Overwrite Vulnerability
Last modified: 2020-11-10 21:20:04 UTC
rh#1348857 A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability. External references: http://www.talosintel.com/reports/TALOS-2016-0128/ http://www.pidgin.im/news/security/?id=97 References: https://bugzilla.redhat.com/show_bug.cgi?id=1348857
part of the https://bitbucket.org/pidgin/main/commits/5fa3f2bc69d7 fix
bugbot adjusting priority
With Mxit officially shut down its services in 2016 and pidgin dropped support to the protocol since 2.12. Efforts to backport the fix won't make much sense. Discussed with Johannes and decided to close this as WONTFIX.