541 matches found
CVE-2022-20770 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an...
CVE-2022-20770
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an...
CVE-2022-20770 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an...
CVE-2022-20770
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an...
ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an...
clamav -- Multiple vulnerabilities
The ClamAV project reports: Fixed a possible double-free vulnerability in the OLE2 file parser. Issue affects versions 0.104.0 through 0.104.2. Issue identified by OSS-Fuzz. Fixed a possible infinite loop vulnerability in the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS...
Exploit for Out-of-bounds Write in 7-Zip
7-Zip CVE 2022-29072 - Powershell Detection/Mitigation...
Microsoft Help Files Disguise Vidar Malware
Where’s the last place you’d expect to find malware? In an email from your mother? Embedded in software you trust and use everyday actually, that’s probably the first place you should look? How about in a technical documentation file? In a report published Thursday, Trustwave SpiderLabs revealed ...
AlmaLinux 8 : libmspack (ALSA-2020:1686)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:1686 advisory. - libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile...
openSUSE 15 Security Update : libmspack (openSUSE-SU-2022:0069-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0069-1 advisory. - DISPUTED chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative...
Security update for libmspack (moderate)
openSUSE Security Update: Security update for libmspack Announcement ID: openSUSE-SU-2021:1200-1 Rating: moderate References: 1103032 Cross-References: CVE-2018-14679 CVE-2018-14681 CVE-2018-14682 CVSS scores: CVE-2018-14679 NVD : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-14679...
openSUSE 15 Security Update : libmspack (openSUSE-SU-2021:2802-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2802-1 advisory. - An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number...
SUSE: Security Advisory (SUSE-SU-2012:0858-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Masslogger Swipes Outlook, Chrome Credentials
Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and...
SUSE SLES12 Security Update : libmspack (SUSE-SU-2020:2711-1)
This update for libmspack fixes the following issues : Security issues fixed : CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure bsc1141680. CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal...
Moderate: Red Hat Security Advisory: okular security update
An update for okular is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
chm-montalivet.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1188384 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Arbitrary Code Execution
libmspack is vulnerable to arbitrary code execution. The vulnerability exists as mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a...
libmspack: buffer overflow in function chmd_read_headers()
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile libmspack/mspack/chmd.c. The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit...
CHM file freezes when you enter characters in Search box on the Index tab in Windows 8.1 or Windows Server 2012 R2
CHM file freezes when you enter characters in Search box on the Index tab in Windows 8.1 or Windows Server 2012 R2 This article describes an issue that occurs when you enter characters in the Search box on the Index tab in a Compiled HTML Help .chm file in Windows 8.1, Windows RT 8.1, or Windows...