2 matches found
CVE-2017-6419
CVE-2017-6419 affects ClamAV (and its use of libmspack 0.5alpha). The vulnerability is a heap-based overflow in mspack/lzxd.c that can be triggered by a crafted CHM file, potentially causing DoS or arbitrary code execution. Public advisories summarize the impact as DoS with possible code executio...
CVE-2017-11423
CVE-2017-11423 affects libmspack’s cabd_read_string in mspack/cabd.c (0.5alpha) used by ClamAV before 0.99.4. A crafted CAB file can trigger a stack-based buffer over-read, causing denial of service. Connected advisories confirm the issue and point to upstream fixes in libmspack (0.6alpha and new...