KLA10781
Code execution vulnerability in pidgin-otr plugin.
Updated: 06/01/2019
Detect date
?
04/11/2016
Severity
?
Critical
Description

Use-after-free vulnerability was found in Off-the-Record Messaging (OTR) pidgin-otr plugin. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via vectors related to the “Authenticate buddy” menu item.


Technical details

This vulnerability is in the create_smp_dialog function in gtk-dialog.c and related to the “Authenticate buddy” menu item.

Affected products

Off-the-Record Messaging (OTR) pidgin-otr plugin versions earlier 4.0.2

Solution

Update to the latest version
Download page with latest version of pidgin-otr plugin

Impacts
?
ACE 
[?]
CVE-IDS
?
CVE-2015-883310.0Critical