Security impact of CVE 2017-2640
dkholia at redhat.com
Thu Mar 30 03:53:03 EDT 2017
I work in Red Hat's Product Security Team and I am trying to understand
the security impact of CVE 2017-2640 (Out-of-bounds write when stripping
The CVE description says that an out-of-bounds write occurs when invalid XML is
sent by a malicious server. What does this out-of-bounds write result
in? Does it cause Pidgin to crash? Does it cause memory (heap / stack)
corruption? If yes, can the memory corruption lead to code execution?
Currently, Red Hat and SUSE are treating this as a code execution
vulnerability. This can be confirmed from the CVSS score assigned to
It would be great if I could get answers to these questions. It would
help me assess the true security impact of this CVE.