CVE-2014-3775 — Improper Input Validation in Libgadu

CWE-20 — Improper Input Validation9 documents7 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 19.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libgadu Debian Libgadu

Timeline

PublishedMay 22

Latest updateMay 17

Description

libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/libgadu< libgadu 1:1.12.0~rc3-1 (bookworm)

▶Debianlibgadu/libgadu< 1:1.12.0~rc3-1+3

▶NVDlibgadu/libgadu1.11.4+1

🔴Vulnerability Details

GHSA

GHSA-gwr9-jc3r-3ff3: libgadu before 1↗2022-05-17

▶

OSV

CVE-2014-3775: libgadu before 1↗2014-05-22

▶

📋Vendor Advisories

Ubuntu

Pidgin vulnerability↗2014-05-21

▶

Ubuntu

libgadu vulnerability↗2014-05-21

▶

Red Hat

libgadu: server response memory corruption issue↗2014-05-07

▶

Debian

CVE-2014-3775: libgadu - libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other ...↗2014

▶

💬Community

Bugzilla

CVE-2014-3775 libgadu: server response memory corruption issue [fedora-all]↗2014-05-21

▶

Bugzilla

CVE-2014-3775 libgadu: server response memory corruption issue↗2014-05-21

▶