CVE-2014-3775

NameCVE-2014-3775
Descriptionlibgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2935-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libgadu (PTS)jessie1:1.12.0-5fixed
stretch1:1.12.1-4fixed
buster1:1.12.2-3fixed
bullseye1:1.12.2-5fixed
bookworm1:1.12.2-6fixed
sid, trixie1:1.12.2-6.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libgadusourcesqueeze(not affected)
libgadusourcewheezy1:1.11.2-1+deb7u2DSA-2935-1
libgadusource(unstable)1:1.12.0~rc3-1

Notes

[squeeze] - libgadu <not-affected> (Vulnerable code not present)

Search for package or bug name: Reporting problems