Download
| Alert*
oval:org.secpod.oval:def:108499
libmspack is installed oval:org.secpod.oval:def:1800219 libmspack is installed oval:org.secpod.oval:def:1800745 CVE-2017-6419: heap-based buffer overflow in mspack/lzxd.c. mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CHM file. oval:org.secpod.oval:def:1800730 CVE-2017-6419: heap-based buffer overflow in mspack/lzxd.c¶ mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CHM file. oval:org.secpod.oval:def:1800752 CVE-2017-6419: heap-based buffer overflow in mspack/lzxd.c; mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CHM file. oval:org.secpod.oval:def:1800218 CVE-2017-6419: heap-based buffer overflow in mspack/lzxd.c mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CHM file. oval:org.secpod.oval:def:108500 The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. oval:org.secpod.oval:def:108498 The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. oval:org.secpod.oval:def:89003301 This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. - CVE-2018-18585: chmd_read_headers accepted a filename that has "\0" as its first or se ... oval:org.secpod.oval:def:89050325 This update for libmspack fixes the following issues: Security issue fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure . Other issue addressed: - Enable build-time tests oval:org.secpod.oval:def:116878 The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. oval:org.secpod.oval:def:116872 The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. oval:org.secpod.oval:def:113255 The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. oval:org.secpod.oval:def:113601 The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. oval:org.secpod.oval:def:113300 The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. oval:org.secpod.oval:def:114924 The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. oval:org.secpod.oval:def:503280 The libmspack packages contain a library providing compression and extraction of the Cabinet file format used by Microsoft. Security Fix: * libmspack: Out-of-bounds write in mspack/cab.h * libmspack: chmd_read_headers fails to reject filenames containing NULL bytes For more details about the secu ... oval:org.secpod.oval:def:115479 The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. oval:org.secpod.oval:def:115451 The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. oval:org.secpod.oval:def:89047165 This update for libmspack fixes the following issues: - CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. - CVE-2018-14682: There is an off-by-one error in the TOLOWER macro for CHM decompression. - CVE-2018-14679: There is an off-by-one error in the CHM PMGI ... oval:org.secpod.oval:def:205290 The libmspack packages contain a library providing compression and extraction of the Cabinet file format used by Microsoft. Security Fix: * libmspack: Out-of-bounds write in mspack/cab.h * libmspack: chmd_read_headers fails to reject filenames containing NULL bytes For more details about the secu ... oval:org.secpod.oval:def:1700140 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER macro for CHM decompression.An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.An issue was discovered in mspack/chmd.c in lib ... oval:org.secpod.oval:def:205636 The libmspack packages contain a library providing compression and extraction of the Cabinet file format used by Microsoft. Security Fix: * libmspack: buffer overflow in function chmd_read_headers For more details about the security issue, including the impact, a CVSS score, acknowledgments, and o ... oval:org.secpod.oval:def:2500068 The libmspack packages contain a library providing compression and extraction of the Cabinet file format used by Microsoft. oval:org.secpod.oval:def:3301000 SUSE Security Update: Security update for libmspack oval:org.secpod.oval:def:89047398 This update for libmspack fixes the following issues: - CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection . |