Summary: Malicious smiley themes could alter arbitrary files
Date: 2014-10-22
CVE Number: CVE-2014-3697
Discovered By: Yves Younan of Cisco Talos
Fixed In Release: 2.10.10


A bug in the untar code on Windows could allow a malicious smiley theme to place a file anywhere on the file system, or to alter an existing file, when the theme is installed via drag and drop.


Fix the untar code to ensure all paths are relative.
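
A sketch of the kind of check "ensure all paths are relative" implies for tar entry names on Windows. This is an added example, not the patch shipped in 2.10.10; the helper name `entry_name_is_safe` is hypothetical, and rejecting every colon and every dots-and-spaces component is a conservative assumption that goes beyond what the advisory states.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Both separators count: Windows accepts '/' as well as the backslash. */
static bool is_sep(char c) { return c == '/' || c == '\\'; }

/* Hypothetical helper: true only if a tar entry name is a relative path
 * that cannot leave the extraction directory. */
bool entry_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (is_sep(name[0]))            /* rooted path or UNC-style name */
        return false;
    if (strchr(name, ':') != NULL)  /* drive-qualified name or stream syntax */
        return false;

    for (const char *p = name; *p != '\0'; ) {
        const char *start = p;
        while (*p != '\0' && !is_sep(*p))
            p++;
        size_t len = (size_t)(p - start), trimmed = len;
        /* Win32 normalization can drop trailing dots and spaces, so a
         * component made only of them is treated like "..". */
        while (trimmed > 0 && (start[trimmed - 1] == '.' || start[trimmed - 1] == ' '))
            trimmed--;
        if (len >= 2 && trimmed == 0)
            return false;
        while (is_sep(*p))          /* skip the separator run */
            p++;
    }
    return true;
}

int main(void)
{
    /* Constructed sample entry names, not taken from any real theme. */
    const char *samples[] = { "theme/smile.png", "..\\..\\x.txt",
                              "C:\\x.txt", "/x.txt", "theme/../../x.txt" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i],
               entry_name_is_safe(samples[i]) ? "extract" : "reject");
    return 0;
}
```

An extractor would call such a check on every entry name before opening the destination file and skip or abort on any rejected entry.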
