SUSE-SU-2020:2711-1 -- SLES libmspackID: oval:org.secpod.oval:def:89000397 | Date: (C)2021-02-22 (M)2023-12-20 |
Class: PATCH | Family: unix |
This update for libmspack fixes the following issues: Security issues fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure . - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. - CVE-2018-18585: chmd_read_headers accepted a filename that has "\0" as its first or second character . - Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
Platform: |
SUSE Linux Enterprise Server 12 SP5 |