FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2015-8833

This CVE name corresponds to:

Entered Topic
2016-03-10 pidgin-otr -- use after free

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2015-8833 at cve.mitre.org

Details

Type Candidate
Name CVE-2015-8833
Phase Assigned(20160309)

Description

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item.

References

Source Reference
MLIST [OTR-users] 20160309 New releases of libotr (4.1.1) and pidgin-otr (4.0.2) available
MLIST [oss-security] 20160309 Heap use after free in Pidgin-OTR plugin
MLIST [oss-security] 20160309 Re: Heap use after free in Pidgin-OTR plugin
MISC https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html
CONFIRM https://bugs.otr.im/issues/128
CONFIRM https://bugs.otr.im/issues/88
CONFIRM https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.