Path Traversal Vulnerability in Pidgin for Windows
CVE-2014-3697

Currently unrated

Key Information:

Vendor

Pidgin

Status
Pidgin
Vendor
CVE Published:
29 October 2014

What is CVE-2014-3697?

An absolute path traversal vulnerability exists in the untar_block function of Pidgin prior to version 2.10.10 on Windows. This vulnerability permits remote attackers to write files to arbitrary locations on the victim's filesystem by exploiting a crafted tar archive, specifically one containing a maliciously constructed smiley theme. This can lead to unauthorized file access or modification, posing significant risks to users who utilize the affected versions of Pidgin. It is crucial for users to update to the latest version to mitigate potential threats stemming from this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://pidgin.im/news/security/?id=89
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-11/msg000...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2014-11/msg000...
vendor-advisoryx_refsource_SUSE

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.