DEBIAN-CVE-2019-1010305

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile libmspack/mspack/chmd.c. The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit...

ALPINE-CVE-2019-1010305

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile libmspack/mspack/chmd.c. The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit...

CVE-2019-9896

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable...

CVE-2019-9896

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable...

CVE-2019-9896

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable...

CVE-2019-9896

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable...

Dell EMC RSA Authentication Manager Cross-Site Scripting Vulnerability (CNVD-2018-20085)

Dell EMC RSA Authentication Manager is a centralized suite of binary authentication software from Dell, Inc. The software centralizes the management of binary identities, security tokens, methods and users across physical sites. A cross-site scripting vulnerability exists in the MadCap Flare Help...

DEBIAN-CVE-2018-14679

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service uninitialized data dereference and application crash...

Apache Tika Chmparser Denial Of Service (CVE-2018-1339)

A denial-of-service vulnerability exists in Apache Tika. The vulnerability is due to improper handling of a Microsoft Compiled HTML Help file during enumerating its listing chunks...

DEBIAN-CVE-2017-6419

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

ALPINE-CVE-2017-6419

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted CHM file...

PT-2017-17056

Name of the Vulnerable Software and Affected Versions libmspack version 0.5alpha ClamAV version 0.99.2 Description The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer overflow and application crash, or possibly have other unspecified impacts. This is...

DEBIAN-CVE-2015-4469

The chmdreadheaders function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted CHM file...

UBUNTU-CVE-2015-4468

Multiple integer overflows in the searchchunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service buffer over-read and application crash via a crafted CHM file...

UBUNTU-CVE-2015-4469

The chmdreadheaders function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted CHM file...

UBUNTU-CVE-2015-4467

The chmdinitdecomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted CHM file...

PT-2015-6600

Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.5 Description The issue is related to the chmd read headers function in chmd.c, which does not validate name lengths. This allows remote attackers to cause a denial of service, resulting in a buffer over-read and...

PT-2015-6598

Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.5 Description The issue concerns the chmd init decomp function in chmd.c, which does not properly validate the reset interval. This allows remote attackers to cause a denial of service, resulting in a divide-by-ze...

arCHMage Directory Traversal Vulnerability

arCHMage is the software developer Basil Shubin is responsible for maintaining a CHM Help File Format format file reader and decompiler. A directory traversal vulnerability exists in arCHMage version 0.2.4. A remote attacker can write an arbitrary file via the directory traversal character '...' ...

Libmspack CHM Decompression Divide by Zero Denial of Service Vulnerability

Libmspack is a library of related Microsoft compression formats such as CAB, CHM, HLP, LIT, KWAJ and SZDD. Libmspack's handling of specially crafted CHM files suffers from a divide-by-zero denial-of-service vulnerability, which can be exploited by remote attackers to crash an application...