CVE-2014-3697

N/A Unknown
Published: October 29, 2014 Modified: May 06, 2026
View on NVD

Description

Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f
Source: secalert@redhat.com
Patch
http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html
Source: secalert@redhat.com
http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html
Source: secalert@redhat.com
http://pidgin.im/news/security/?id=89
Source: secalert@redhat.com
Patch Vendor Advisory
http://hg.pidgin.im/pidgin/main/rev/68b8eb10977f
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://pidgin.im/news/security/?id=89
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.0%
78th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Affected Vendors

pidgin

Related CVEs

CVE-2026-48303 10.0
CVE-2026-48292 7.8
CVE-2026-48291 7.8
CVE-2026-47961 5.5
CVE-2026-47960 7.4