Search CVE reports


Toggle filters

1 – 10 of 18 results


CVE-2019-1010305

Medium priority

Some fixes available 11 of 13

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a...

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2018-18586

Negligible priority
Not affected

** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor...

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected
libmspack Not affected Not affected
Show less packages

CVE-2018-18585

Medium priority

Some fixes available 4 of 5

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-18584

Medium priority
Fixed

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

3 affected packages

cabextract, clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cabextract Not affected Not affected Not affected Not affected
clamav Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-14682

Medium priority

Some fixes available 3 of 4

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-14681

Medium priority

Some fixes available 3 of 4

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-14680

Medium priority

Some fixes available 3 of 4

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-14679

Medium priority

Some fixes available 3 of 4

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and...

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2017-6419

Medium priority

Some fixes available 3 of 4

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Not affected Not affected Fixed
Show less packages

CVE-2017-11423

Medium priority

Some fixes available 2 of 4

The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a...

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Not affected Not affected Fixed
Show less packages