{"id":"USN-2390-1","summary":"pidgin vulnerabilities","details":"Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly\nhandled certificate validation. A remote attacker could exploit this to\nperform a machine-in-the-middle attack to view sensitive information or alter\nencrypted communications. (CVE-2014-3694)\n\nYves Younan and Richard Johnson discovered that Pidgin incorrectly handled\ncertain malformed MXit emoticons. A malicious remote server or a\nmachine-in-the-middle could use this issue to cause Pidgin to crash,\nresulting in a denial of service. (CVE-2014-3695)\n\nYves Younan and Richard Johnson discovered that Pidgin incorrectly handled\ncertain malformed Groupwise messages. A malicious remote server or a\nmachine-in-the-middle could use this issue to cause Pidgin to crash,\nresulting in a denial of service. (CVE-2014-3696)\n\nThijs Alkemade and Paul Aurich discovered that Pidgin incorrectly handled\nmemory when processing XMPP messages. A malicious remote server or user\ncould use this issue to cause Pidgin to disclose arbitrary memory,\nresulting in an information leak. 
(CVE-2014-3698)\n","modified":"2026-04-22T09:03:38.400140Z","published":"2014-10-28T13:50:06Z","related":["UBUNTU-CVE-2014-3694","UBUNTU-CVE-2014-3695","UBUNTU-CVE-2014-3696","UBUNTU-CVE-2014-3698"],"upstream":["CVE-2014-3694","CVE-2014-3695","CVE-2014-3696","CVE-2014-3698","UBUNTU-CVE-2014-3694","UBUNTU-CVE-2014-3695","UBUNTU-CVE-2014-3696","UBUNTU-CVE-2014-3698"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2390-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3694"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3695"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3696"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3698"}],"affected":[{"package":{"name":"pidgin","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/pidgin@1:2.10.9-0ubuntu3.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.10.9-0ubuntu3.2"}]}],"versions":["1:2.10.7-0ubuntu4.1","1:2.10.7-0ubuntu4.2","1:2.10.9-0ubuntu1","1:2.10.9-0ubuntu2","1:2.10.9-0ubuntu3","1:2.10.9-0ubuntu3.1"],"ecosystem_specific":{"availability":"No subscription 
required","binaries":[{"binary_version":"1:2.10.9-0ubuntu3.2","binary_name":"finch"},{"binary_version":"1:2.10.9-0ubuntu3.2","binary_name":"libpurple-bin"},{"binary_version":"1:2.10.9-0ubuntu3.2","binary_name":"libpurple0"},{"binary_version":"1:2.10.9-0ubuntu3.2","binary_name":"pidgin"},{"binary_version":"1:2.10.9-0ubuntu3.2","binary_name":"pidgin-data"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2014-3694","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2014-3695","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2014-3696","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2014-3698","severity":[{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2390-1.json"}}],"schema_version":"1.7.5"}