6 matches found
CVE-2015-4470
CVE-2015-4470 is an off-by-one error in the inflate function (mszipd.c) of libmspack prior to 0.5, enabling remote DoS (buffer over-read) via a crafted CAB archive. Several advisories note fixes in libmspack via SUSE security updates (e.g., SUSE-SU-2015/2016-1x) addressing this and related CVEs (...
CVE-2015-4471
CVE-2015-4471 affects libmspack (component: lzxd_decompress in lzxd.c) with an off-by-one error in pre-0.5 versions. A crafted CAB archive can trigger a denial of service via a buffer under-read. Affected products are libmspack deployments; remote attackers can exploit it without authentication. ...
CVE-2015-4468
CVE-2015-4468 affects libmspack, specifically the CHM handling in the chmd.c path where the search_chunk function and related integer operations trigger overflows. Connected sources describe a denial-of-service impact (buffer over-read/crash) when processing crafted CHM files, caused by improper ...
CVE-2015-4469
CVE-2015-4469 corresponds to a vulnerability in libmspack where chmd_read_headers() in chmd.c does not validate name lengths. This can be triggered by a crafted CHM file to cause a denial of service via a buffer over-read and application crash. The security issue is tied to libmspack prior to ver...
CVE-2014-9732
CVE-2014-9732 affects libmspack: the cabd_extract function mishandles decompression callbacks when a crafted CAB follows a valid file, enabling DoS via NULL pointer dereference and crash. Public details are in the NVD description and OSV/SUSE advisories; fixes were released in SUSE advisories SUS...
CVE-2015-4467
CVE-2015-4467 relates to libmspack prior to 0.5, where chmd_init_decomp does not validate the reset interval, enabling a remote attacker to trigger a divide-by-zero in CHM processing and crash the application (DoS). The issue is rooted in improper bounds/interval handling in the chmd.c path; an c...