Pidgin Security Advisory

TitleSmiley theme installation lack of escaping
Date2004-08-22
CVE NameCVE-2004-0784
Discovered ByA Gaim Crazy Patch Writer
SummaryDragging a carefully crafted smiley theme filename onto Gaim could cause arbitrary command execution.
DescriptionTo install a new smiley theme, a user can drag a tarball from a graphical file manager, or a hypertext link to one from a web browser. When a tarball is dragged, Gaim executes a shell command to untar it. However, it does not escape the filename before sending it to the shell. Thus, a specially crafted filename could execute arbitrary commands if the user could be convinced to drag a file into the smiley theme selector.
Fixed in Version0.82
FixFilenames are now escaped using g_shell_quote().

Return to Security Advisory Index