{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T01:13:45.893","vulnerabilities":[{"cve":{"id":"CVE-2016-4323","sourceIdentifier":"cret@cert.org","published":"2017-01-06T21:59:01.523","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability."},{"lang":"es","value":"Exste un salto de directorio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados desde el servidor podrían resultar potencialmente en una sobreescritura de archivos. un servidor malicioso o alguien con acceso al tráfico de red puede proveer un nombre de archivo inválido para una imagen gráfica que desencadena la vulnerabilidad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*","versionEndIncluding":"2.10.12","matchCriteriaId":"874D8FC9-41D0-49C7-9F8F-5C2DD33516AF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","matchCriteriaId":"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","matchCriteriaId":"E88A537F-F4D0-46B9-9E37-965233C2A355"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3620","source":"cret@cert.org","tags":["Third Party Advisory"]},{"url":"http://www.pidgin.im/news/security/?id=97","source":"cret@cert.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/91335","source":"cret@cert.org"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0128/","source":"cret@cert.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-3031-1","source":"cret@cert.org","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-38","source":"cret@cert.org"},{"url":"http://www.debian.org/security/2016/dsa-3620","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.pidgin.im/news/security/?id=97","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/91335","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0128/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.ubuntu.com/usn/USN-3031-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-38","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}