Pidgin Security Advisory
| Title | Malicious smiley themes could alter arbitrary files |
|---|
| Date | 2014-10-22 |
|---|
| CVE Name | CVE-2014-3697 |
|---|
| Discovered By | Yves Younan of Cisco Talos |
|---|
| Description | A bug in the untar code on Windows could allow a malicious smiley theme to place a file anywhere on the file system, or alter an existing file when installing a smiley theme via drag and drop on Windows. |
|---|
| Fixed in Revision | 68b8eb10977f |
|---|
| Fixed in Version | 2.10.10 |
|---|
| Fix | Fix the untar code to ensure all paths are relative. |
|---|
Return to Security Advisory Index
