USN-3394-1: libmspack vulnerabilities
It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-6419) It was discovered that libmspack incorrectly handled certain...
USN-3394-1 libmspack vulnerabilities
It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-6419) It was discovered that libmspack incorrectly handled certain...
Debian: Security Advisory (DSA-3946-1)
The remote host is missing an update for the Debian...
CVE-2017-6419
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file...
Heap overflow
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file...
CVE-2017-6419
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file...
DEBIAN-CVE-2017-6419
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file...
ALPINE-CVE-2017-6419
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file...
CVE-2017-6419
CVE-2017-6419 affects ClamAV (and its use of libmspack 0.5alpha). The vulnerability is a heap-based overflow in mspack/lzxd.c that can be triggered by a crafted CHM file, potentially causing DoS or arbitrary code execution. Public advisories summarize the impact as DoS with possible code executio...
CVE-2017-6419
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file...
ClamAV Buffer Overflow Vulnerability
ClamAV (Clam AntiVirus) is a free and open source antivirus program developed by the ClamAV team. The software is used to detect Trojans, viruses, malware and other malicious threats. libmspack is one of the libraries that compresses and decompresses files in formats such as Microsoft CAB, CHM and...
UBUNTU-CVE-2017-6419
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file...
PT-2017-17056
Name of the Vulnerable Software and Affected Versions: libmspack version 0.5alpha; ClamAV version 0.99.2. Description: The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer overflow and application crash, or possibly have other unspecified impacts. This is...
Stack overflow
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file...
ALPINE-CVE-2017-11423
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file...
CVE-2017-11423
CVE-2017-11423 affects libmspack’s cabd_read_string in mspack/cabd.c (0.5alpha) used by ClamAV before 0.99.4. A crafted CAB file can trigger a stack-based buffer over-read, causing denial of service. Connected advisories confirm the issue and point to upstream fixes in libmspack (0.6alpha and new...
UBUNTU-CVE-2017-11423
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file...
Symantec Web Gateway Anti-Virus Definition < 20160628.037 Multiple Vulnerabilities (SYM16-010) (credentialed check)
According to its self-reported anti-virus definition version number, the remote web server is hosting a version of Symantec Web Gateway with an anti-virus definition version prior to 20160628.037. It is, therefore, affected by multiple vulnerabilities: - An array indexing error exists in the UnR...
Symantec Messaging Gateway 10.x < 10.6.1-4 Multiple Vulnerabilities (SYM16-010)
According to its self-reported version number, the Symantec Messaging Gateway (SMG) running on the remote host is 10.x prior to 10.6.1-4. It is, therefore, affected by multiple vulnerabilities: - An array indexing error exists in the UnRAR component in the Unpack::ShortLZ function in unpack15.cpp...
PT-2017-3937
Name of the Vulnerable Software and Affected Versions: libmspack versions prior to 0.7alpha. Description: The issue is related to the kwajd_read_headers function in libmspack, which can cause a one or two byte overwrite due to bad KWAJ file header extensions. This can lead to a buffer overflow in...