CVE-2015-8833

Name: CVE-2015-8833
Description: Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-3528-1
NVD severity: high (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

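| Source Package | Release | Version | Status |
|---|---|---|---|
| pidgin-otr (PTS) | wheezy | 3.2.1-3+deb7u1 | fixed |
| pidgin-otr (PTS) | jessie (security), jessie | 4.0.1-1+deb8u1 | fixed |
| pidgin-otr (PTS) | stretch | 4.0.2-1 | fixed |
| pidgin-otr (PTS) | buster, sid | 4.0.2-2 | fixed |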

The information below is based on the following data on fixed versions.

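| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| pidgin-otr | source | (unstable) | 4.0.2-1 | high | | |
| pidgin-otr | source | jessie | 4.0.1-1+deb8u1 | high | DSA-3528-1 | |
| pidgin-otr | source | wheezy | (not affected) | | | |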

Notes

[wheezy] - pidgin-otr <not-affected> (Vulnerable code not present)
https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html
https://bugs.otr.im/issues/88
https://bugs.otr.im/issues/128
Fixed by: https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
Introduced by: https://bugs.otr.im/projects/pidgin-otr/repository/revisions/c276bfa786bef8a4572a37d5633cf40f480d3ae0
http://www.openwall.com/lists/oss-security/2016/03/09/8
