Lucene search

K

Ubuntu.comUB:CVE-2015-4471

HistoryJun 11, 2015 - 12:00 a.m.

CVE-2015-4471

2015-06-1100:00:00

ubuntu.com

ubuntu.com

7

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.6%

Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack
before 0.5 allows remote attackers to cause a denial of service (buffer
under-read and application crash) via a crafted CAB archive.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775499>

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchcabextract< 1.4-4ubuntu0.1~esm1UNKNOWN
ubuntu14.04noarchlibmspack< 0.4-1ubuntu0.1~esm1UNKNOWN

References

openwall.com/lists/oss-security/2015/02/03/11

www.openwall.com/lists/oss-security/2015/02/03/11

bugs.debian.org/775499

github.com/kyz/libmspack/commit/18b6a2cc0b87536015bedd4f7763e6b02d5aa4f3

launchpad.net/bugs/cve/CVE-2015-4471

nvd.nist.gov/vuln/detail/CVE-2015-4471

security-tracker.debian.org/tracker/CVE-2015-4471

www.cve.org/CVERecord?id=CVE-2015-4471

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.6%

Related for UB:CVE-2015-4471

cve1 nvd1 debiancve1 prion1 cvelist1 nessus3 openvas2