CVE-2011-3185 — Improper Input Validation in Pidgin

Severity

9.3CRITICALNVD

EPSS

5.1%

top 10.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 29

Latest updateMay 17

Description

gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

▶NVDpidgin/pidgin2.9.0+53

GHSA

GHSA-vrrf-4f63-4j27: gtkutils↗2022-05-17

▶

GHSA

GHSA-qcwp-776m-mf57: gtkutils↗2022-05-14

▶

Debian

CVE-2013-6486: pidgin - gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attack...↗2013

▶

Debian

CVE-2011-3185: pidgin - gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attack...↗2011

▶