MAGEIA-2018-455
Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service (CVE-2018-14679, CVE-2018-14680). Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code (CVE-2018-14681). Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM files. An attacker could possibly use this issue to execute arbitrary code (CVE-2018-14682). If a CAB file has a Quantum-compressed datablock with exactly 38912 compressed bytes, cabextract would write exactly one byte beyond its input buffer (CVE-2018-18584). libmspack didn't reject blank CHM filenames that are blank because they have embedded null bytes, not just because they are zero-length (CVE-2018-18585). chmextract didn't protect from absolute/relative pathnames in CHM files (CVE-2018-18586).
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia | cabextract | 0, 1.9-1.mga6 |
| Mageia | libmspack | 0.9.1-0.alpha.1.mga6, 0 |
Timeline
- Nov 17, 2018 CVE Updated
- Nov 17, 2018 CVE Published
References
- Updated libmspack/cabextract packages fix security vulnerabilities advisory
- Updated libmspack/cabextract packages fix security vulnerabilities issue
- Updated libmspack/cabextract packages fix security vulnerabilities issue
- Updated libmspack/cabextract packages fix security vulnerabilities issue
- Updated libmspack/cabextract packages fix security vulnerabilities advisory