ID CVE-2018-14679
Summary An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
References
Vulnerable Configurations
  • cpe:2.3:a:cabextract:cabextract:1.5
  • cpe:2.3:a:cabextract:libmspack:0.0.20060920:alpha
  • cpe:2.3:a:cabextract:libmspack:0.3:alpha
  • cpe:2.3:a:cabextract:libmspack:0.4:alpha
  • cpe:2.3:a:cabextract:libmspack:0.5:alpha
  • cpe:2.3:a:cabextract:libmspack:0.6:alpha
  • Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Red Hat Ansible Tower 3.3
    cpe:2.3:a:redhat:ansible_tower:3.3
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-682
CAPEC
  • Attack through Shared Data
    An attacker exploits a data structure shared between multiple applications or an application pool to affect application behavior. Data may be shared between multiple applications or between multiple threads of a single application. Data sharing is usually accomplished through mutual access to a single memory location. If an attacker can manipulate this shared data (usually by co-opting one of the applications or threads) the other applications or threads using the shared data will often continue to trust the validity of the compromised shared data and use it in their calculations. This can result in invalid trust assumptions, corruption of additional data through the normal operations of the other users of the shared data, or even cause a crash or compromise of the sharing applications.
  • Integer Attacks
    An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number due to the structure of integer storage formats.
  • Pointer Attack
    This attack involves an attacker manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.
nessus via4
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0110_LIBMSPACK.NASL
    description An update of the libmspack package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 122008
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122008
    title Photon OS 2.0: Libmspack PHSA-2018-2.0-0110
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-E1ADECD46C.NASL
    description New upstream version 0.7alpha. Fixes CVE-2018-14679 libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-04
    plugin id 111654
    published 2018-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111654
    title Fedora 27 : libmspack (2018-e1adecd46c)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-DDDA173F56.NASL
    description New upstream version 0.7alpha. Fixes CVE-2018-14679 libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120849
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120849
    title Fedora 28 : libmspack (2018-ddda173f56)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181030_LIBMSPACK_ON_SL7_X.NASL
    description Security Fix(es) : - libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) - libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) - libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) - libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119191
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119191
    title Scientific Linux Security Update : libmspack on SL7.x x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-3327.NASL
    description From Red Hat Security Advisory 2018:3327 : An update for libmspack is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. Security Fix(es) : * libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) * libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) * libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) * libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-07
    plugin id 118783
    published 2018-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118783
    title Oracle Linux 7 : libmspack (ELSA-2018-3327)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-847FE2ED61.NASL
    description ClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the following ClamAV vulnerabilities: CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. Reported by Secunia Research at Flexera. Fix for a two-byte buffer over-read bug in ClamAV's PDF parsing code. Reported by Alex Gaynor. Fixes for the following vulnerabilities in bundled third-party libraries: CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one- or two-byte overwrite. CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Additionally, 0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and applied libmspack's version of the fix in its place. Other changes: Some users have reported freshclam signature update failures as a result of a delay between the time the new signature database content is announced and the time that the content-delivery-network has the content available for download. To mitigate these errors, this patch release includes some modifications to freshclam to make it more lenient, and to reduce the time that freshclam will ignore a mirror when it detects an issue. On-Access 'Extra Scanning,' an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup. OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the meantime, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120579
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120579
    title Fedora 29 : clamav (2018-847fe2ed61)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-EFF94DA132.NASL
    description ClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the following ClamAV vulnerabilities: CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. Reported by Secunia Research at Flexera. Fix for a two-byte buffer over-read bug in ClamAV's PDF parsing code. Reported by Alex Gaynor. Fixes for the following vulnerabilities in bundled third-party libraries: CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one- or two-byte overwrite. CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Additionally, 0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and applied libmspack's version of the fix in its place. Other changes: Some users have reported freshclam signature update failures as a result of a delay between the time the new signature database content is announced and the time that the content-delivery-network has the content available for download. To mitigate these errors, this patch release includes some modifications to freshclam to make it more lenient, and to reduce the time that freshclam will ignore a mirror when it detects an issue. On-Access 'Extra Scanning,' an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup. OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the meantime, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120891
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120891
    title Fedora 28 : clamav (2018-eff94da132)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2323-2.NASL
    description This update for clamav to version 0.100.1 fixes the following issues : The following security vulnerabilities were addressed : CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) CVE-2018-1000085: Fixed an out-of-bounds heap read in XAR parser (bsc#1082858) CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) Buffer over-read in unRAR code due to missing max value checks in table initialization PDF parser bugs The following other changes were made: Disable YARA support for licensing reasons (bsc#1101654). Add HTTPS support for clamsubmit Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118280
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118280
    title SUSE SLES12 Security Update : clamav (SUSE-SU-2018:2323-2)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-889.NASL
    description This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed : - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed an out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made : - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-10-04
    plugin id 111998
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111998
    title openSUSE Security Update : clamav (openSUSE-2018-889)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2323-1.NASL
    description This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed : - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed an out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made : - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111744
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111744
    title SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:2323-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3327.NASL
    description An update for libmspack is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. Security Fix(es) : * libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) * libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) * libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) * libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 119004
    published 2018-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119004
    title CentOS 7 : libmspack (CESA-2018:3327)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3728-2.NASL
    description USN-3728-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details : Hanno Bock discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14679, CVE-2018-14680) Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14681) Dmitry Glavatskikh discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14682). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111526
    published 2018-08-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111526
    title Ubuntu 14.04 LTS : clamav vulnerabilities (USN-3728-2)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1436.NASL
    description According to the versions of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) - libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) - libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) - libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 119925
    published 2018-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119925
    title EulerOS 2.0 SP3 : libmspack (EulerOS-SA-2018-1436)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1460.NASL
    description It was discovered that there were several vulnerabilities in libmspack, a library used to handle Microsoft compression formats. A remote attacker could craft malicious .CAB, .CHM or .KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code. For Debian 8 'Jessie', this issue has been fixed in libmspack version 0.5-1+deb8u2. We recommend that you upgrade your libmspack packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-04
    plugin id 111556
    published 2018-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111556
    title Debian DLA-1460-1 : libmspack security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4260.NASL
    description Several vulnerabilities were discovered in libmspack, a library used to handle Microsoft compression formats. A remote attacker could craft malicious CAB, CHM or KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 111521
    published 2018-08-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111521
    title Debian DSA-4260-1 : libmspack - security update
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2019-1146.NASL
    description An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.(CVE-2018-14681) An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.(CVE-2018-14682) An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.(CVE-2018-14680) A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the 'unmew11()' function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.(CVE-2018-15378) An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).(CVE-2018-14679)
    last seen 2019-02-21
    modified 2019-01-14
    plugin id 121131
    published 2019-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121131
    title Amazon Linux AMI : clamav (ALAS-2019-1146)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-1FC39F2D13.NASL
    description ClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the following ClamAV vulnerabilities: CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. Reported by Secunia Research at Flexera. Fix for a two-byte buffer over-read bug in ClamAV's PDF parsing code. Reported by Alex Gaynor. Fixes for the following vulnerabilities in bundled third-party libraries: CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one- or two-byte overwrite. CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Additionally, 0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and applied libmspack's version of the fix in its place. Other changes: Some users have reported freshclam signature update failures as a result of a delay between the time the new signature database content is announced and the time that the content-delivery-network has the content available for download. To mitigate these errors, this patch release includes some modifications to freshclam to make it more lenient, and to reduce the time that freshclam will ignore a mirror when it detects an issue. On-Access 'Extra Scanning,' an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup. OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the meantime, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-17
    plugin id 118159
    published 2018-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118159
    title Fedora 27 : clamav (2018-1fc39f2d13)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2019-1152.NASL
    description An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.(CVE-2018-14682) An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.(CVE-2018-14680) An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).(CVE-2018-14679) An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.(CVE-2018-14681)
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 121365
    published 2019-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121365
    title Amazon Linux 2 : libmspack (ALAS-2019-1152)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1435.NASL
    description According to the versions of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) - libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) - libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) - libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 119924
    published 2018-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119924
    title EulerOS 2.0 SP2 : libmspack (EulerOS-SA-2018-1435)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3327.NASL
    description An update for libmspack is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. Security Fix(es) : * libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) * libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) * libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) * libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118541
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118541
    title RHEL 7 : libmspack (RHSA-2018:3327)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3728-1.NASL
    description Hanno Bock discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14679, CVE-2018-14680) Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14681) Dmitry Glavatskikh discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14682). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111513
    published 2018-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111513
    title Ubuntu 16.04 LTS / 18.04 LTS : libmspack vulnerabilities (USN-3728-1)
redhat via4
advisories
  • rhsa
    id RHSA-2018:3327
  • rhsa
    id RHSA-2018:3505
rpms
  • libmspack-0:0.5-0.6.alpha.el7
  • libmspack-devel-0:0.5-0.6.alpha.el7
refmap via4
debian DSA-4260
gentoo GLSA-201903-20
misc
mlist [debian-lts-announce] 20180806 [SECURITY] [DLA-1460-1] libmspack security update
sectrack 1041410
ubuntu
  • USN-3728-1
  • USN-3728-2
  • USN-3728-3
  • USN-3789-2
Last major update 28-07-2018 - 19:29
Published 28-07-2018 - 19:29
Last modified 28-03-2019 - 11:07