Pidgin Security Advisory

Title: Malicious smiley themes could alter arbitrary files
CVE Name: CVE-2014-3697
Discovered By: Yves Younan of Cisco Talos
Description: A bug in the untar code on Windows could allow a malicious smiley theme to place a file anywhere on the file system, or alter an existing file when installing a smiley theme via drag and drop on Windows.
Fixed in Revision: 68b8eb10977f
Fixed in Version: 2.10.10
Fix: Fix the untar code to ensure all paths are relative.
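
One way to write the kind of check the fix describes, as an added example that is not Pidgin's untar code. The function name `tar_member_path_is_safe` and the sample member names are hypothetical, and the check goes slightly beyond "all paths are relative" by also rejecting `..` components.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Windows accepts both separators, so a check for '/' alone is not enough. */
static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Hypothetical helper (not Pidgin's code): returns 1 if a tar member name
 * stays below the extraction directory, 0 if it must be rejected. */
int tar_member_path_is_safe(const char *name)
{
    const char *p = name;

    if (name == NULL || *name == '\0')
        return 0;
    /* Rooted or UNC: "/x", "\Windows\x", "\\server\share\x". */
    if (is_sep(name[0]))
        return 0;
    /* Drive-qualified: "C:\x" and the drive-relative form "C:x". */
    if (isalpha((unsigned char)name[0]) && name[1] == ':')
        return 0;

    while (*p != '\0') {
        size_t len = 0;
        while (p[len] != '\0' && !is_sep(p[len]))
            len++;
        /* A ".." component climbs out of the destination directory. */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len;
        while (is_sep(*p))
            p++;
    }
    return 1;
}

int main(void)
{
    /* Constructed member names, as they might appear in a theme archive. */
    const char *samples[] = { "theme/smile.png", "theme\\wink.png",
                              "C:\\Users\\Public\\x.txt", "..\\..\\x.txt",
                              "theme/../../x.txt", "\\\\host\\share\\x" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s %s\n", samples[i],
               tar_member_path_is_safe(samples[i]) ? "extract" : "reject");
    return 0;
}
```

The check is applied to each member name before the extractor joins it to the destination directory; a rejected name should abort or skip the entry rather than be rewritten.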

