Ubuntu: Security Advisory (USN-3394-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3394-1: libmspack vulnerabilities

It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-6419 It was discovered that libmspack incorrectly handled certain...

USN-3394-1 libmspack vulnerabilities

It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-6419 It was discovered that libmspack incorrectly handled certain...

Debian: Security Advisory (DSA-3946-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Heap overflow

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

CVE-2017-6419

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

ALPINE-CVE-2017-6419

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

CVE-2017-6419

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

DEBIAN-CVE-2017-6419

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

CVE-2017-6419

CVE-2017-6419 affects ClamAV (and its use of libmspack 0.5alpha). The vulnerability is a heap-based overflow in mspack/lzxd.c that can be triggered by a crafted CHM file, potentially causing DoS or arbitrary code execution. Public advisories summarize the impact as DoS with possible code executio...

CVE-2017-6419

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

ClamAV Buffer Overflow Vulnerability

ClamAV Clam AntiVirus is a free and open source antivirus program developed by the ClamAV team. The software is used to detect Trojans, viruses, malware and other malicious threats. libmspack is one of the libraries that compresses and decompresses files in formats such as Microsoft CAB, CHM and...

CVE-2017-6419

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

PT-2017-17056

Name of the Vulnerable Software and Affected Versions libmspack version 0.5alpha ClamAV version 0.99.2 Description The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer overflow and application crash, or possibly have other unspecified impacts. This is...

UBUNTU-CVE-2017-6419

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

DEBIAN-CVE-2017-11423

The cabdreadstring function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted CAB file...

ALPINE-CVE-2017-11423

The cabdreadstring function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted CAB file...

Stack overflow

The cabdreadstring function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted CAB file...

CVE-2017-11423

The cabdreadstring function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted CAB file...

CVE-2017-11423

CVE-2017-11423 affects libmspack’s cabd_read_string in mspack/cabd.c (0.5alpha) used by ClamAV before 0.99.4. A crafted CAB file can trigger a stack-based buffer over-read, causing denial of service. Connected advisories confirm the issue and point to upstream fixes in libmspack (0.6alpha and new...