CVE-2015-4467

The chmdinitdecomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted CHM file...

PT-2015-6600

Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.5 Description The issue is related to the chmd read headers function in chmd.c, which does not validate name lengths. This allows remote attackers to cause a denial of service, resulting in a buffer over-read and...

PT-2015-6598

Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.5 Description The issue concerns the chmd init decomp function in chmd.c, which does not properly validate the reset interval. This allows remote attackers to cause a denial of service, resulting in a divide-by-ze...

PT-2015-6599

Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.5 Description The issue is related to multiple integer overflows in the search chunk function in chmd.c. This allows remote attackers to cause a denial of service, resulting in a buffer over-read and application...

PT-2015-6603

Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.5 Description The issue is caused by an off-by-one error in the READ ENCINT macro in chmd.c, which allows remote attackers to cause a denial of service, resulting in an application crash, or possibly have other...

FreeBSD : libmspack -- frame_end overflow which could cause infinite loop (cc7548ef-06e1-11e5-8fda-002590263bf5)

There is a denial of service vulnerability in libmspack. The libmspack code is built into cabextract, so it is also vulnerable. MITRE reports : Integer overflow in the qtmddecompress function in libmspack 0.4 allows remote attackers to cause a denial of service hang via a crafted CAB file, which...

[SECURITY] [DLA 233-1] clamav security and upstream version update

Package : clamav Version : 0.98.7+dfsg-0+deb6u1 CVE ID : CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2668 Upstream published version 0.98.7. This update updates sqeeze-lts to the latest upstream release in line with the approach used...

Debian DLA-233-1 : clamav security and upstream version update

Upstream published version 0.98.7. This update updates sqeeze-lts to the latest upstream release in line with the approach used for other Debian releases. The changes are not strictly required for operation, but users of the previous version in Squeeze may not be able to make use of all current...

DLA-233-1 clamav - security update

Bulletin has no description...

Mandriva Linux Security Advisory : cabextract (MDVSA-2015:064)

Updated cabextract packages fix security vulnerabilities : Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any...

Fedora 20 : libmspack-0.5-0.1.alpha.fc20 (2015-3205)

updated to bugfix release 0.5alpha Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

SuSE 11.3 Security Update : libmspack (SAT Patch Number 10402)

This update fixes the following security issue : - An integer overflow in the function qtmddecompress could have been exploited causing a denial of service endless loop bnc912214. CVE-2014-9556 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

Fedora 21 : libmspack-0.5-0.1.alpha.fc21 (2015-3249)

updated to bugfix release 0.5alpha Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

Fedora 22 : libmspack-0.5-0.1.alpha.fc22 (2015-3118)

updated to bugfix release 0.5alpha Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

Fedora Update for libmspack FEDORA-2015-3249

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for libmspack FEDORA-2015-3205

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 22 Update: libmspack-0.5-0.1.alpha.fc22

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

[SECURITY] Fedora 21 Update: libmspack-0.5-0.1.alpha.fc21

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

[SECURITY] Fedora 20 Update: libmspack-0.5-0.1.alpha.fc20

The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft...

openSUSE Security Update : libmspack (openSUSE-2015-208)

This update fixes previous security update, which was not considered as complete. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2015-208. The text description of this plugin is C SU...