Libmspack Project
Products
1- 18 CVEs
Recent CVEs
18| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14682 | Hig | 0.51 | 8.8 | 0.04 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. | ||
| CVE-2018-14681 | Hig | 0.51 | 8.8 | 0.04 | Jul 28, 2018 | An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. | ||
| CVE-2017-6419 | Hig | 0.51 | 7.8 | 0.02 | Aug 7, 2017 | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. | ||
| CVE-2018-14679 | Med | 0.36 | 6.5 | 0.03 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). | ||
| CVE-2017-11423 | Med | 0.36 | 5.5 | 0.02 | Jul 18, 2017 | The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. | ||
| CVE-2014-9732 | 0.01 | — | 0.07 | Jun 11, 2015 | The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)… | |||
| CVE-2019-1010305 | 0.00 | — | 0.01 | Jul 15, 2019 | libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is:… | |||
| CVE-2018-18586 | 0.00 | — | 0.03 | Oct 23, 2018 | chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c… | |||
| CVE-2018-18584 | 0.00 | — | 0.03 | Oct 23, 2018 | In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. | |||
| CVE-2018-18585 | 0.00 | — | 0.03 | Oct 23, 2018 | chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). | |||
| CVE-2015-4472 | 0.00 | — | 0.02 | Jun 11, 2015 | Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file. | |||
| CVE-2015-4471 | 0.00 | — | 0.02 | Jun 11, 2015 | Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive. | |||
| CVE-2015-4470 | 0.00 | — | 0.01 | Jun 11, 2015 | Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive. | |||
| CVE-2015-4469 | 0.00 | — | 0.01 | Jun 11, 2015 | The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file. | |||
| CVE-2015-4468 | 0.00 | — | 0.01 | Jun 11, 2015 | Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file. | |||
| CVE-2015-4467 | 0.00 | — | 0.01 | Jun 11, 2015 | The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file. | |||
| CVE-2014-9556 | 0.00 | — | 0.03 | Feb 3, 2015 | Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. | |||
| CVE-2010-2801 | 0.00 | — | 0.04 | Aug 9, 2010 | Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file,… |
- risk 0.51cvss 8.8epss 0.04
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
- risk 0.51cvss 8.8epss 0.04
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
- risk 0.51cvss 7.8epss 0.02
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
- risk 0.36cvss 6.5epss 0.03
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
- risk 0.36cvss 5.5epss 0.02
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
- CVE-2014-9732Jun 11, 2015risk 0.01cvss —epss 0.07
The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)…
- CVE-2019-1010305Jul 15, 2019risk 0.00cvss —epss 0.01
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is:…
- CVE-2018-18586Oct 23, 2018risk 0.00cvss —epss 0.03
chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c…
- CVE-2018-18584Oct 23, 2018risk 0.00cvss —epss 0.03
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
- CVE-2018-18585Oct 23, 2018risk 0.00cvss —epss 0.03
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
- CVE-2015-4472Jun 11, 2015risk 0.00cvss —epss 0.02
Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.
- CVE-2015-4471Jun 11, 2015risk 0.00cvss —epss 0.02
Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.
- CVE-2015-4470Jun 11, 2015risk 0.00cvss —epss 0.01
Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.
- CVE-2015-4469Jun 11, 2015risk 0.00cvss —epss 0.01
The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
- CVE-2015-4468Jun 11, 2015risk 0.00cvss —epss 0.01
Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
- CVE-2015-4467Jun 11, 2015risk 0.00cvss —epss 0.01
The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.
- CVE-2014-9556Feb 3, 2015risk 0.00cvss —epss 0.03
Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.
- CVE-2010-2801Aug 9, 2010risk 0.00cvss —epss 0.04
Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file,…