CVE-2019-1010305
CVE-2019-1010305 affects libmspack: the chmd_read_headers() function in the library can cause a buffer overflow when opening a specially crafted CHM file, with information disclosure as the impact. Exploitation requires opening the crafted CHM; the advisory notes a fixed version after commit 2f08...
CVE-2018-18585
CVE-2018-18585 affects libmspack prior to 0.8alpha, where chmd_read_headers in mspack/chmd.c accepts a filename with a NULL byte as the first or second character (e.g., "/\0"). Multiple downstream advisories reference this CVE and link to libmspack updates; Amazon Linux 2 ALAS2-2019-1310 explicit...
CVE-2018-18586
CVE-2018-18586 affects libmspack (chmextract.c). The issue is directory traversal via absolute/relative CHM file paths due to insufficient path protection. OpenSUSE/SUSE advisories fix by adding anti-'../' and leading-slash checks (e.g., libmspack-devel-0.11-2 and related patches). Exploitation d...