CVE-2015-4468

2015-06-1100:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

78.6%

JSON

Multiple integer overflows in the search_chunk function in chmd.c in
libmspack before 0.5 allow remote attackers to cause a denial of service
(buffer over-read and application crash) via a crafted CHM file.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774726>

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchlibmspack< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	libmspack	< any	UNKNOWN

References

anonscm.debian.org/cgit/collab-maint/libmspack.git/diff/debian/patches/fix-pointer-arithmetic-overflow.patch?id=a25bb144795e526748b57884daf365732c7e2295

openwall.com/lists/oss-security/2015/02/03/11

www.openwall.com/lists/oss-security/2015/02/03/11

bugs.debian.org/774726

launchpad.net/bugs/cve/CVE-2015-4468

nvd.nist.gov/vuln/detail/CVE-2015-4468

security-tracker.debian.org/tracker/CVE-2015-4468

www.cve.org/CVERecord?id=CVE-2015-4468