| Summary: | [TRACKER] libmspack: multiple vulnerabilities (CVE-2018-{14679,14680,14681,14682}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | fonts, maracay, reavertm |
| Priority: | Normal | Keywords: | Tracker |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 662874, 662876 | ||
| Bug Blocks: | |||
|
Description
Hanno Böck
2018-07-26 07:12:41 UTC
Issue was assigned a CVE. https://nvd.nist.gov/vuln/detail/CVE-2018-14681 Correction, multiple CVEs have been assigned: https://nvd.nist.gov/vuln/detail/CVE-2018-14679 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). https://nvd.nist.gov/vuln/detail/CVE-2018-14680 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. https://nvd.nist.gov/vuln/detail/CVE-2018-14681 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. https://nvd.nist.gov/vuln/detail/CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. @ Hanno: I don't see security fixes in cabextract-1.7 release note. Looks like a normal release which adds new important features, but nothing for a security bug. Am I missing something? |