Memory Corruption

libmspack is vulnerable to memory corruption. The vulnerability exists in the function TOLOWER of the file mspack/chmd.c of the component CHM Compression. This would impact the confidentiality, integrity, and availability of the system...

Denial Of Service (DoS)

libmspack is vulnerable to denial of service DoS attacks. This vulnerability exists in an unknown part of the file mspack/chmd.c of the component CHM Filename Handler. The manipulation as a part of a blank file name could cause an application crash affecting the availability of the system...

Fedora Update for libmspack FEDORA-2018-a5953af115

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

The vulnerability of the Libmspack library and the CAB-file decompression utility SabExtract, which allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the Libmspack library mspack/cab.h and the CAB-file decompression utilities provided by SabExtract are related to memory buffer overflow attacks. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause system failures remotely...

openSUSE Security Update : libmspack (openSUSE-2019-1149)

This update for libmspack fixes the following issues : Security issues fixed : - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. bsc1113038 - CVE-2018-18585: chmdreadheaders accepted a filename that has '\0' as it...

cabextract, libmspack: Multiple vulnerabilities

Background cabextract is free software for extracting Microsoft cabinet files. libmspack is a portable library for some loosely related Microsoft compression formats Description Multiple vulnerabilities have been discovered in cabextract and libmspack. Please review the CVE identifiers referenced...

GLSA-201903-20 : cabextract, libmspack: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-20 cabextract, libmspack: Multiple vulnerabilities Multiple vulnerabilities have been discovered in cabextract and libmspack. Please review the CVE identifiers referenced below for details. Impact : Please review the...

SUSE SLES11 Security Update : libmspack (SUSE-SU-2019:13992-1)

This update for libmspack fixes the following issues : Security issues fixed : CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. bsc1113038 CVE-2018-18585: chmdreadheaders accepted a filename that has '\0' as its...

SUSE-SU-2019:13992-1 Security update for libmspack

This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. bsc1113038 - CVE-2018-18585: chmdreadheaders accepted a filename that has '\0' as its...

SUSE SLED15 / SLES15 Security Update : libmspack (SUSE-SU-2019:0748-1)

This update for libmspack fixes the following issues : Security issues fixed : CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. bsc1113038 CVE-2018-18585: chmdreadheaders accepted a filename that has '\0' as its...

openSUSE Security Update : clamav (openSUSE-2019-821)

This update for clamav fixes the following issues : clamav was updated to version 0.100.2. Following security issues were fixed : - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an...

openSUSE Security Update : clamav (openSUSE-2019-598)

This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed : - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability bsc1101410 - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small fi...

SUSE-SU-2019:0748-1 Security update for libmspack

This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. bsc1113038 - CVE-2018-18585: chmdreadheaders accepted a filename that has '\0' as its...

Security Bulletin: Vulnerabiliies in libmspack affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in libmspack. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-14682 DESCRIPTION: libmspack is vulnerable to a denial of service, caused by an off-by-one in mspack/chmd.c in the TOLOWER macro for CHM decompression. ...

Libmspack Project Buffer Overflow (CVE-2018-18584)

Buffer overflow vulnerability exists in the libmspack library. This vulnerability is due to improper handling of block alignment. Successful exploitation of the vulnerability may result in arbitrary code execution...

PT-2019-4926

Name of the Vulnerable Software and Affected Versions libmspack version 0.9.1alpha Description The issue is caused by a buffer overflow in the chmd read headers function in the libmspack library, which can allow a remote attacker to disclose protected information using a specially crafted chm fil...

Photon OS 2.0: Libmspack PHSA-2018-2.0-0050

An update of the libmspack package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0050. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 2.0: Libmspack PHSA-2018-2.0-0110

An update of the libmspack package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0110. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 1.0: Libmspack PHSA-2018-1.0-0140

An update of the libmspack package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0140. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 1.0: Libmspack PHSA-2018-1.0-0167

An update of the libmspack package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0167. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...