NotCVE - vendor:"Libmspack Project" product:"Libmspack" version:"0.6"

7 results (0.002 seconds)

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1

CVE-2018-18586 – Gentoo Linux Security Advisory 201903-20

https://notcve.org/view.php?id=CVE-2018-18586

23 Oct 2018 — chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application ** EN DISPUTA ** chmextract.c en el programa de muestra chmextract, tal y como se distribuye en libmspack en versiones anteriores a la 0.8alpha, no protege cont... • https://bugs.debian.org/911639 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 2%CPEs: 19EXPL: 0

CVE-2018-18584 – libmspack: Out-of-bounds write in mspack/cab.h

https://notcve.org/view.php?id=CVE-2018-18584

23 Oct 2018 — In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. En mspack/cab.h en libmspack en versiones anteriores a la 0.8alpha y cabextract en versiones anteriores a la 1.8, el búfer de entrada de bloques CAB es un byte más pequeño para el bloque Quantum máximo, lo que conduce a una escritura fuera de límites. USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 li... • https://access.redhat.com/errata/RHSA-2019:2049 • CWE-787: Out-of-bounds Write •

CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 1

CVE-2018-18585 – libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes

https://notcve.org/view.php?id=CVE-2018-18585

23 Oct 2018 — chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). chmd_read_headers en mspack/chmd.c en libmspack en versiones anteriores a la 0.8alpha acepta un nombre de archivo que tiene "\0" como su primer o segundo carácter (como el nombre "/\0"). Multiple vulnerabilities have been found in cabextract and libmspack, the worst of which could result in a Denial of Service. Versions less than 1.8 are affected. • https://access.redhat.com/errata/RHSA-2019:2049 • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0

CVE-2018-14679 – libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks

https://notcve.org/view.php?id=CVE-2018-14679

28 Jul 2018 — An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. Hay un error por un paso en las comprobaciones de validez de los números de chunk de CHM PMGI/PMGL que podría conducir a una denegación de servicio (referencia de datos... • http://www.openwall.com/lists/oss-security/2018/07/26/1 • CWE-193: Off-by-one Error •

CVSS: 6.5EPSS: 1%CPEs: 16EXPL: 0

CVE-2018-14680 – libmspack: off-by-one error in the CHM chunk number validity checks

https://notcve.org/view.php?id=CVE-2018-14680

28 Jul 2018 — An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. No rechaza los nombres de archivos CHM en blanco. Several vulnerabilities were discovered in libsmpack, a library used to handle Microsoft compression formats. • http://www.openwall.com/lists/oss-security/2018/07/26/1 • CWE-20: Improper Input Validation CWE-193: Off-by-one Error •

CVSS: 8.8EPSS: 4%CPEs: 16EXPL: 0

CVE-2018-14681 – libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c

https://notcve.org/view.php?id=CVE-2018-14681

28 Jul 2018 — An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. Se ha descubierto un problema en kwajd_read_headers en mspack/kwajd.c en libmspack en versiones anteriores a la 0.7alpha. Las extensiones de encabezado de archivo KWAJ incorrectas pueden provocar una sobrescritura de uno o dos bytes. Hanno Boeck discovered that libmspack incorrectly handled certain CHM files. • http://www.openwall.com/lists/oss-security/2018/07/26/1 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 4%CPEs: 16EXPL: 0

CVE-2018-14682 – libmspack: off-by-one error in the TOLOWER() macro for CHM decompression

https://notcve.org/view.php?id=CVE-2018-14682

28 Jul 2018 — An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Se ha descubierto un problema en mspack/chmd.c en libmspack en versiones anteriores a la 0.7alpha. Hay un error por un paso en la macro TOLOWER() para la descompresión CHM. Hanno Boeck discovered that libmspack incorrectly handled certain CHM files. • http://www.openwall.com/lists/oss-security/2018/07/26/1 • CWE-193: Off-by-one Error •