ID CVE-2015-4471
Summary Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.
References
Vulnerable Configurations
  • cpe:2.3:a:libmspack_project:libmspack:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:libmspack_project:libmspack:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libmspack_project:libmspack:0.4-3:*:*:*:*:*:*:*
    cpe:2.3:a:libmspack_project:libmspack:0.4-3:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 09-06-2016 - 21:28)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 72492
confirm
mlist [oss-security] 20150203 Possible CVE Requests: libmspack: several issues
Last major update 09-06-2016 - 21:28
Published 11-06-2015 - 14:59
Last modified 09-06-2016 - 21:28
Back to Top