11 matches found
CVE-2017-6419
CVE-2017-6419 affects ClamAV (and its use of libmspack 0.5alpha). The vulnerability is a heap-based overflow in mspack/lzxd.c that can be triggered by a crafted CHM file, potentially causing DoS or arbitrary code execution. Public advisories summarize the impact as DoS with possible code executio...
CVE-2017-11423
CVE-2017-11423 affects the cabd_read_string function in mspack/cabd.c of libmspack 0.5alpha, as used by ClamAV before 0.99.4. A crafted CAB file can trigger a stack-based buffer over-read, causing denial of service. Connected advisories confirm the issue and point to upstream fixes in libmspack (0.6alpha and new...
CVE-2018-18584
CVE-2018-18584 affects libmspack before 0.8alpha and cabextract before 1.8. In mspack/cab.h, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. Remediation involves upgrading to fixed versions (e.g....
CVE-2014-9556
CVE-2014-9556 affects libmspack 0.4 with an integer overflow in qtmd_decompress that can be triggered by a crafted CAB file, causing a remote denial of service via an infinite loop. Connected advisories indicate the issue is addressed by updates in downstream packages (e.g., cabextract/libmspack)...
CVE-2015-4470
CVE-2015-4470 is an off-by-one error in the inflate function (mszipd.c) of libmspack prior to 0.5, enabling remote DoS (buffer over-read) via a crafted CAB archive. Several advisories note fixes in libmspack via SUSE security updates (e.g., SUSE-SU-2015/2016-1x) addressing this and related CVEs (...
CVE-2015-4471
CVE-2015-4471 affects libmspack (component: lzxd_decompress in lzxd.c) with an off-by-one error in pre-0.5 versions. A crafted CAB archive can trigger a denial of service via a buffer under-read. Affected products are libmspack deployments; remote attackers can exploit it without authentication. ...
CVE-2015-4472
CVE-2015-4472 is a vulnerability in libmspack prior to 0.5 where an off-by-one error in the READ_ENCINT macro (in chmd.c) can be triggered by a crafted CHM file, potentially causing a denial of service (application crash) and possibly other impact. It affects libmspack’s CHM/CAB handling and is d...
CVE-2015-4468
CVE-2015-4468 affects libmspack, specifically the CHM handling in the chmd.c path where the search_chunk function and related integer operations trigger overflows. Connected sources describe a denial-of-service impact (buffer over-read/crash) when processing crafted CHM files, caused by improper ...
CVE-2015-4469
CVE-2015-4469 corresponds to a vulnerability in libmspack where chmd_read_headers() in chmd.c does not validate name lengths. This can be triggered by a crafted CHM file to cause a denial of service via a buffer over-read and application crash. The security issue is tied to libmspack prior to ver...
CVE-2014-9732
CVE-2014-9732 affects libmspack: the cabd_extract function mishandles decompression callbacks when a crafted CAB follows a valid file, enabling DoS via NULL pointer dereference and crash. Public details are in the NVD description and OSV/SUSE advisories; fixes were released in SUSE advisories SUS...
CVE-2015-4467
CVE-2015-4467 relates to libmspack prior to 0.5, where chmd_init_decomp does not validate the reset interval, enabling a remote attacker to trigger a divide-by-zero in CHM processing and crash the application (DoS). The issue is rooted in improper bounds/interval handling in the chmd.c path; an c...