CVE-2014-3697

Published: 29 October 2014

Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.

Notes

Author	Note
jdstrand	Windows only

Priority

Status

Package	Release	Status
pidgin Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Not vulnerable
	trusty	Not vulnerable
	upstream	Needs triage
	utopic	Not vulnerable

References

http://pidgin.im/news/security/?id=89
http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f
https://www.cve.org/CVERecord?id=CVE-2014-3697
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›