CVE-2014-3697CVE-2014-3697

Affected configuration(s):

cpe:/a:pidgin:pidgin:2.10.0
cpe:/a:pidgin:pidgin:2.10.1
cpe:/a:pidgin:pidgin:2.10.2
cpe:/a:pidgin:pidgin:2.10.3
cpe:/a:pidgin:pidgin:2.10.4
cpe:/a:pidgin:pidgin:2.10.5
cpe:/a:pidgin:pidgin:2.10.6
cpe:/a:pidgin:pidgin:2.10.7
cpe:/a:pidgin:pidgin:2.10.8
cpe:/a:pidgin:pidgin:2.10.9

Date published: 2014-10-29T06:55:04.447-04:00

Date last modified: 2014-11-19T21:59:17.740-05:00

CVSS Score: 6.4

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f

Summary: Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.