CVE-2015-8833 | Vulnerability Database | Aqua Security

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the Authenticate buddy menu item.

Affected Software

Name	Vendor	Start Version	End Version
Pidgin-otr	Cypherpunks	*	4.0.1 (including)
Pidgin-otr	Ubuntu	precise	*
Pidgin-otr	Ubuntu	trusty	*
Pidgin-otr	Ubuntu	upstream	*
Pidgin-otr	Ubuntu	wily	*

References

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00095.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00109.html
http://www.debian.org/security/2016/dsa-3528
http://www.openwall.com/lists/oss-security/2016/03/09/13
http://www.openwall.com/lists/oss-security/2016/03/09/8
http://www.securityfocus.com/bid/84295
https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html
https://bugs.otr.im/issues/128
https://bugs.otr.im/issues/88
https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
https://lists.cypherpunks.ca/pipermail/otr-users/2016-March/002582.html
https://security.gentoo.org/glsa/201701-10

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-8833
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html