Summary: | [TRACKER] libmspack: multiple vulnerabilities (CVE-2018-{14679,14680,14681,14682}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | fonts, maracay, reavertm |
Priority: | Normal | Keywords: | Tracker |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 662874, 662876 | ||
Bug Blocks: |
Description
Hanno Böck
2018-07-26 07:12:41 UTC
Issue was assigned a CVE.
https://nvd.nist.gov/vuln/detail/CVE-2018-14681

Correction, multiple CVEs have been assigned:

https://nvd.nist.gov/vuln/detail/CVE-2018-14679
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

https://nvd.nist.gov/vuln/detail/CVE-2018-14680
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

https://nvd.nist.gov/vuln/detail/CVE-2018-14681
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

https://nvd.nist.gov/vuln/detail/CVE-2018-14682
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

@ Hanno: I don't see security fixes in cabextract-1.7 release note. Looks like a normal release which adds new important features, but nothing for a security bug. Am I missing something?