CVE-2014-3775

libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
libgadulibgadu
𝑥
≤ 1.11.4
libgadulibgadu
1.12.0:rc1
libgadulibgadu
1.12.0:rc2
libgadulibgadu
1.12.0:rc3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgadu
bullseye
1:1.12.2-5
fixed
squeeze
not-affected
bookworm
1:1.12.2-6
fixed
sid
1:1.12.2-6.1
fixed
trixie
1:1.12.2-6.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgadu
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
Fixed 1:1.11.2-1ubuntu1.2
released
precise
Fixed 1:1.11.1-1ubuntu0.2
released
lucid
ignored
pidgin
disco
Fixed 1:2.10.9-0ubuntu4
released
cosmic
Fixed 1:2.10.9-0ubuntu4
released
bionic
Fixed 1:2.10.9-0ubuntu4
released
artful
Fixed 1:2.10.9-0ubuntu4
released
zesty
Fixed 1:2.10.9-0ubuntu4
released
yakkety
Fixed 1:2.10.9-0ubuntu4
released
xenial
Fixed 1:2.10.9-0ubuntu4
released
wily
Fixed 1:2.10.9-0ubuntu4
released
vivid
Fixed 1:2.10.9-0ubuntu4
released
utopic
Fixed 1:2.10.9-0ubuntu4
released
trusty
Fixed 1:2.10.9-0ubuntu3.1
released
saucy
Fixed 1:2.10.7-0ubuntu4.1.13.10.2
released
precise
Fixed 1:2.10.3-0ubuntu1.5
released
lucid
ignored
Common Weakness Enumeration
References
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001171.html
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001180.html
http://secunia.com/advisories/58668
http://secunia.com/advisories/58870
http://secunia.com/advisories/58871
http://www.debian.org/security/2014/dsa-2935
http://www.openwall.com/lists/oss-security/2014/05/19/3
http://www.securityfocus.com/bid/67471
http://www.ubuntu.com/usn/USN-2215-1
http://www.ubuntu.com/usn/USN-2216-1
https://bugzilla.redhat.com/show_bug.cgi?id=1099776
https://security.gentoo.org/glsa/201508-02
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001171.html
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001180.html
http://secunia.com/advisories/58668
http://secunia.com/advisories/58870
http://secunia.com/advisories/58871
http://www.debian.org/security/2014/dsa-2935
http://www.openwall.com/lists/oss-security/2014/05/19/3
http://www.securityfocus.com/bid/67471
http://www.ubuntu.com/usn/USN-2215-1
http://www.ubuntu.com/usn/USN-2216-1
https://bugzilla.redhat.com/show_bug.cgi?id=1099776
https://security.gentoo.org/glsa/201508-02