libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.
Max CVSS
7.5
EPSS Score
2.13%
Published
2014-05-22
Updated
2016-12-22
libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.
Max CVSS
4.3
EPSS Score
0.13%
Published
2014-10-10
Updated
2023-02-13
2 vulnerabilities found