CVE-2018-18584 – libmspack: Out-of-bounds write in mspack/cab.h
https://notcve.org/view.php?id=CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. En mspack/cab.h en libmspack en versiones anteriores a la 0.8alpha y cabextract en versiones anteriores a la 1.8, el búfer de entrada de bloques CAB es un byte más pequeño para el bloque Quantum máximo, lo que conduce a una escritura fuera de límites. • https://access.redhat.com/errata/RHSA-2019:2049 https://bugs.debian.org/911640 https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2 https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3814-1 https://usn.ubuntu.com/3814-2 https://usn.ubuntu.com/3814-3 https://www.cabextract.org.uk/#changes https://www.openwall.com/lists/oss-security/2018/10/22/1 https://www • CWE-787: Out-of-bounds Write •
CVE-2018-14682 – libmspack: off-by-one error in the TOLOWER() macro for CHM decompression
https://notcve.org/view.php?id=CVE-2018-14682
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. Hay un error por un paso en la macro TOLOWER() para la descompresión CHM. • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904800 https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8 https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-193: Off-by-one Error •
CVE-2018-14680 – libmspack: off-by-one error in the CHM chunk number validity checks
https://notcve.org/view.php?id=CVE-2018-14680
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. No rechaza los nombres de archivos CHM en blanco. • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904801 https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-20: Improper Input Validation CWE-193: Off-by-one Error •
CVE-2018-14679 – libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks
https://notcve.org/view.php?id=CVE-2018-14679
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. Hay un error por un paso en las comprobaciones de validez de los números de chunk de CHM PMGI/PMGL que podría conducir a una denegación de servicio (referencia de datos no inicializados y cierre inesperado de la aplicación). • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904802 https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-193: Off-by-one Error •
CVE-2018-14681 – libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c
https://notcve.org/view.php?id=CVE-2018-14681
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. Se ha descubierto un problema en kwajd_read_headers en mspack/kwajd.c en libmspack en versiones anteriores a la 0.7alpha. Las extensiones de encabezado de archivo KWAJ incorrectas pueden provocar una sobrescritura de uno o dos bytes. • http://www.openwall.com/lists/oss-security/2018/07/26/1 http://www.securitytracker.com/id/1041410 https://access.redhat.com/errata/RHSA-2018:3327 https://access.redhat.com/errata/RHSA-2018:3505 https://bugs.debian.org/904799 https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8 https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html https://security.gentoo.org/glsa/201903-20 https://usn.ubuntu.com/3728-1 https://usn.ubuntu.com/3728-2 • CWE-787: Out-of-bounds Write •