46 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-14681
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in kwajdreadheaders in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte...
SUSE SLES12 Security Update : clamav (SUSE-SU-2021:3859-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:3859-1 advisory. - An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number...
SUSE SLES12 Security Update : clamav (SUSE-SU-2021:3853-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:3853-1 advisory. - An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number...
CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write...
Improper NULL Byte Parsing
libmspack parses NULL bytes in an insecure manner. The chmdreadheaders function in mspack/chmd.c accepts filenames that has \0 as its first or second character. This could allow attackers to bypass input validations or authorization controls...
Amazon Linux 2 : libmspack (ALAS-2019-1152)
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decompression.CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.CVE-2018-14680 An issue was...
ALPINE-CVE-2018-18585
chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name...
CVE-2018-18585
chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name...
CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write...
CVE-2018-18585
chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name...
CVE-2018-18585
chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name...
CVE-2018-18584
CVE-2018-18584 affects libmspack and cabextract. In mspack/cab.h, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write (before 0.8alpha for libmspack and before 1.8 for cabextract). Remediation involves upgrading to fixed versions (e.g....
CVE-2018-18585
chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name...
CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write...
CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write...
FreeBSD : clamav -- multiple vulnerabilities (8b812395-c739-11e8-ab5b-9c5c8e75236a)
Joel Esler reports : - CVE-2018-15378 : - Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. - Reported by Secunia Research at Flexera. - Fix for a 2-byte buffer over-read bug in...
CVE-2018-14680
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames...
Design/Logic Flaw
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames...
Design/Logic Flaw
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service uninitialized data dereference and application crash...
CVE-2018-14679
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service uninitialized data dereference and application crash...