Debian Security Advisory

DSA-2852-1 libgadu -- heap-based buffer overflow

Date Reported:
06 Feb 2014
Affected Packages:
libgadu
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2013-6487.
More information:

Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers which impersonate the server could crash clients and potentially execute arbitrary code.

For the oldstable distribution (squeeze), this problem has been fixed in version 1:1.9.0-2+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in version 1:1.11.2-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 1:1.11.3-1.

We recommend that you upgrade your libgadu packages.