CVE-2014-3775
Severity CVSS v4.0: Pending analysis
Type: CWE-20 Input Validation
Publication date: 22/05/2014
Last modified: 06/05/2026
Description
libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.
Impact
Base Score 2.0: 7.50
Severity 2.0: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:libgadu:libgadu:*:*:*:*:*:*:*:* | 1.11.4 (including) | |
| cpe:2.3:a:libgadu:libgadu:1.12.0:rc1:*:*:*:*:*:* | | |
| cpe:2.3:a:libgadu:libgadu:1.12.0:rc2:*:*:*:*:*:* | | |
| cpe:2.3:a:libgadu:libgadu:1.12.0:rc3:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001171.html
- http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001180.html
- http://secunia.com/advisories/58668
- http://secunia.com/advisories/58870
- http://secunia.com/advisories/58871
- http://www.debian.org/security/2014/dsa-2935
- http://www.openwall.com/lists/oss-security/2014/05/19/3
- http://www.securityfocus.com/bid/67471
- http://www.ubuntu.com/usn/USN-2215-1
- http://www.ubuntu.com/usn/USN-2216-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1099776
- https://security.gentoo.org/glsa/201508-02



