CVE-2014-3775

libgadu < 1.11.4 and 1.12.0-rc3 - Remote Code Execution via Crafted Message

Title source: llm
STIX 2.1

Description

libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.

References (12)

Core 12
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201508-02
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1099776
Various Sources mailing-list x_refsource_mlist
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001180.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2215-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58870
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2935
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/05/19/3
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58668
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2216-1
Various Sources mailing-list x_refsource_mlist
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001171.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58871
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67471

Scores

EPSS 0.0378
EPSS Percentile 88.7%

Details

CWE
CWE-20
Status published
Products (2)
libgadu/libgadu 1.12.0 rc1 (3 CPE variants)
libgadu/libgadu < 1.11.4
Published May 22, 2014
Tracked Since Feb 18, 2026