13 matches found
EUVD-2014-9370
Malware in sbrugna...
EUVD-2015-4492
Malware in sbrugna...
EUVD-2015-4487
Malware in sbrugna...
EUVD-2018-10304
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-18585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the /\0 name...
Alibaba Cloud Linux 3 : 0058: libmspack (ALINUX3-SA-2022:0058)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0058 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-1010305: libmspack 0.9.1alpha is affected...
SUSE SLED15 / SLES15 Security Update : libmspack (SUSE-SU-2021:2802-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2802-1 advisory. - An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk numbe...
RHEL 7 : libmspack (RHSA-2020:3848)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3848 advisory. The libmspack packages contain a library providing compression and extraction of the Cabinet CAB file format used by Microsoft. Security Fixes:...
USN-3814-1 libmspack vulnerabilities
It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. CVE-2018-18584, CVE-2018-18585...
CVE-2018-18586
chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended...
CVE-2018-18585
chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name...
CVE-2015-4469
The chmdreadheaders function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted CHM file...
CVE-2014-9732
The cabdextract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted CAB...