CVE-2014-3775

NameCVE-2014-3775
Descriptionlibgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2935-1
NVD severityhigh (attack range: remote)
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libgadu (PTS)squeeze (security), squeeze1:1.9.0-2+squeeze2fixed
wheezy, wheezy (security)1:1.11.2-1+deb7u2fixed
jessie, sid1:1.12.0-5fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libgadusource(unstable)1:1.12.0~rc3-1high
libgadusourcesqueeze(not affected)
libgadusourcewheezy1:1.11.2-1+deb7u2highDSA-2935-1

Notes

[squeeze] - libgadu <not-affected> (Vulnerable code not present)

Search for package or bug name: Reporting problems