CVE-2015-8833
REJECTED
Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item.
EPSS 16.46% · 95.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | pidgin-otr | 0, 4.0.1-1build1, 4.0.1-2 |
Timeline
- Apr 8, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jun 1, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-8833 third-party-advisory
- https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html third-party-advisory
- https://bugs.otr.im/issues/88 third-party-advisory
- https://bugs.otr.im/issues/128 third-party-advisory
- https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94 third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/03/09/8 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-8833 third-party-advisory