Lucene search
+L
Libmspack ProjectLibmspack

6 matches found

CVE
CVE
added 2015/06/11 2:0 p.m.66 views

CVE-2015-4470

CVE-2015-4470 is an off-by-one error in the inflate function (mszipd.c) of libmspack prior to 0.5, enabling remote DoS (buffer over-read) via a crafted CAB archive. Several advisories note fixes in libmspack via SUSE security updates (e.g., SUSE-SU-2015/2016-1x) addressing this and related CVEs (...

4.3CVSS6.4AI score0.01455EPSS
CVE
CVE
added 2015/06/11 2:0 p.m.63 views

CVE-2015-4471

CVE-2015-4471 affects libmspack (component: lzxd_decompress in lzxd.c) with an off-by-one error in pre-0.5 versions. A crafted CAB archive can trigger a denial of service via a buffer under-read. Affected products are libmspack deployments; remote attackers can exploit it without authentication. ...

4.3CVSS6.4AI score0.02319EPSS
CVE
CVE
added 2015/06/11 2:0 p.m.62 views

CVE-2015-4468

CVE-2015-4468 affects libmspack, specifically the CHM handling in the chmd.c path where the search_chunk function and related integer operations trigger overflows. Connected sources describe a denial-of-service impact (buffer over-read/crash) when processing crafted CHM files, caused by improper ...

4.3CVSS6.5AI score0.01456EPSS
CVE
CVE
added 2015/06/11 2:0 p.m.59 views

CVE-2015-4469

CVE-2015-4469 corresponds to a vulnerability in libmspack where chmd_read_headers() in chmd.c does not validate name lengths. This can be triggered by a crafted CHM file to cause a denial of service via a buffer over-read and application crash. The security issue is tied to libmspack prior to ver...

4.3CVSS6.5AI score0.01456EPSS
CVE
CVE
added 2015/06/11 2:0 p.m.54 views

CVE-2014-9732

CVE-2014-9732 affects libmspack: the cabd_extract function mishandles decompression callbacks when a crafted CAB follows a valid file, enabling DoS via NULL pointer dereference and crash. Public details are in the NVD description and OSV/SUSE advisories; fixes were released in SUSE advisories SUS...

4.3CVSS6.4AI score0.07164EPSS
CVE
CVE
added 2015/06/11 2:0 p.m.52 views

CVE-2015-4467

CVE-2015-4467 relates to libmspack prior to 0.5, where chmd_init_decomp does not validate the reset interval, enabling a remote attacker to trigger a divide-by-zero in CHM processing and crash the application (DoS). The issue is rooted in improper bounds/interval handling in the chmd.c path; an c...

4.3CVSS6.5AI score0.01456EPSS