Medium severity5.5NVD Advisory· Published Jul 15, 2019· Updated Jun 17, 2026
CVE-2019-1010305
CVE-2019-1010305
Description
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- Range: <=0.9.1alpha
- osv-coords7 versionspkg:rpm/almalinux/libmspackpkg:rpm/almalinux/libmspack-develpkg:rpm/opensuse/libmspack&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/libmspack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/libmspack&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libmspack&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libmspack&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 0.7-0.3.alpha.el8.4+ 6 more
- (no CPE)range: < 0.7-0.3.alpha.el8.4
- (no CPE)range: < 0.7-0.3.alpha.el8.4
- (no CPE)range: < 0.6-lp151.4.3.1
- (no CPE)range: < 0.6-3.8.19
- (no CPE)range: < 0.4-15.7.1
- (no CPE)range: < 0.4-15.7.1
- (no CPE)range: < 0.4-15.7.1
- libmspack/libmspackv5Range: 0.9.1alpha [fixed: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d]
Patches
Vulnerability mechanics
References
8- github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4dnvdPatchThird Party Advisory
- github.com/kyz/libmspack/issues/27nvdExploitIssue TrackingThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/08/msg00028.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2021/10/msg00033.htmlnvdMailing ListThird Party Advisory
- usn.ubuntu.com/4066-1/nvdThird Party Advisory
- usn.ubuntu.com/4066-2/nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXWNEY4CJBLPRKV6LG7FQUPD6WVZYBTB/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2QJTUAGP22YY7453MHGTFN4YQE5HJBR/nvd
News mentions
0No linked articles in our index yet.