106 matches found
EUVD-2005-3661
Malware in sbrugna...
EUVD-2007-3859
Malware in sbrugna...
EUVD-2015-4488
Malware in sbrugna...
EUVD-2015-4492
Malware in sbrugna...
EUVD-2015-1720
Malware in sbrugna...
EUVD-2019-2041
Malware in sbrugna...
Denial Of Service (DoS)
libmspack is vulnerable to Denial Of Service DoS. The vulnerability exists due to the chmdreadheaders function of chmd.c which does not properly validate name lengths, which allows an attacker to cause an application crash through the maliciously crafted CHM file...
SUSE CVE-2005-2930
Stack-based buffer overflow in the chmfindinPMGL function in chmlib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via a CHM file containing a long element, a different vulnerability than CVE-2005-3318...
SUSE CVE-2007-1997
Integer signedness error in the 1 cabunstore and 2 cabextract functions in libclamav/cab.c in Clam AntiVirus ClamAV before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based...
SUSE CVE-2008-1389
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service application crash via a malformed CHM file, related to an "invalid memory access."...
CVE-2022-20770
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an...
CVE-2022-20770
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an...
ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an...
Exploit for Out-of-bounds Write in 7-Zip
7-Zip CVE 2022-29072 - Powershell Detection/Mitigation...
AlmaLinux 8 : libmspack (ALSA-2020:1686)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:1686 advisory. - libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile...
SUSE SLES12 Security Update : libmspack (SUSE-SU-2020:2711-1)
This update for libmspack fixes the following issues : Security issues fixed : CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure bsc1141680. CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal...
Arbitrary Code Execution
libmspack is vulnerable to arbitrary code execution. The vulnerability exists as mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a...
CHM file freezes when you enter characters in Search box on the Index tab in Windows 8.1 or Windows Server 2012 R2
CHM file freezes when you enter characters in Search box on the Index tab in Windows 8.1 or Windows Server 2012 R2 This article describes an issue that occurs when you enter characters in the Search box on the Index tab in a Compiled HTML Help .chm file in Windows 8.1, Windows RT 8.1, or Windows...
Debian DLA-1895-1 : libmspack security update
JsHuang found an issue in libmspack, a library for Microsoft compression format. Opening a crafted chm file might result in a buffer overflow which might disclose confidential information. For Debian 8 'Jessie', this problem has been fixed in version 0.5-1+deb8u4. We recommend that you upgrade yo...
Buffer Overflow
libmspack is vulnerable to buffer overflow. The function chmdreadheaders in ibmspack/mspack/chmd.c does not handle the CHM file name properly, allowing an attacker to read past the allocated buffer if a malicious file starting with :: and length shorter than 33 bytes is provided...