ID CVE-2018-14679
Summary An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
References
Vulnerable Configurations
  • cpe:2.3:a:cabextract:cabextract:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract:cabextract:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:cabextract:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract:cabextract:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:cabextract:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract:cabextract:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:cabextract:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract:cabextract:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:cabextract:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract:cabextract:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:cabextract:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract:cabextract:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:cabextract:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract:cabextract:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:cabextract:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract:cabextract:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:cabextract:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract:cabextract:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:cabextract:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract:cabextract:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:cabextract:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract:cabextract:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:cabextract:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract:cabextract:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:libmspack:0.0.20060920:alpha:*:*:*:*:*:*
    cpe:2.3:a:cabextract:libmspack:0.0.20060920:alpha:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:libmspack:0.3:alpha:*:*:*:*:*:*
    cpe:2.3:a:cabextract:libmspack:0.3:alpha:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:libmspack:0.4:alpha:*:*:*:*:*:*
    cpe:2.3:a:cabextract:libmspack:0.4:alpha:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:libmspack:0.5:alpha:*:*:*:*:*:*
    cpe:2.3:a:cabextract:libmspack:0.5:alpha:*:*:*:*:*:*
  • cpe:2.3:a:cabextract:libmspack:0.6:alpha:*:*:*:*:*:*
    cpe:2.3:a:cabextract:libmspack:0.6:alpha:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-193
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2018:3327
  • rhsa
    id RHSA-2018:3505
rpms
  • libmspack-0:0.5-0.6.alpha.el7
  • libmspack-debuginfo-0:0.5-0.6.alpha.el7
  • libmspack-devel-0:0.5-0.6.alpha.el7
refmap via4
debian DSA-4260
gentoo GLSA-201903-20
misc
mlist [debian-lts-announce] 20180806 [SECURITY] [DLA-1460-1] libmspack security update
sectrack 1041410
ubuntu
  • USN-3728-1
  • USN-3728-2
  • USN-3728-3
  • USN-3789-2
Last major update 24-08-2020 - 17:37
Published 28-07-2018 - 23:29
Last modified 24-08-2020 - 17:37
Back to Top