KLA10781Code execution vulnerability in pidgin-otr plugin.

2016-04-11T00:00:00
ID KLA10781
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

04/11/2016

Severity:

Critical

Description:

Use-after-free vulnerability was found in Off-the-Record Messaging (OTR) pidgin-otr plugin. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via vectors related to the “Authenticate buddy” menu item.

Affected products:

Off-the-Record Messaging (OTR) pidgin-otr plugin versions earlier 4.0.2

Solution:

Update to the latest version
Download page with latest version of pidgin-otr plugin

Impacts:

ACE

Related products:

Pidgin

CVE-IDS:

CVE-2015-883310.0Critical