Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Libmspack Project Subscribe
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18584 7 Cabextract Project, Canonical, Debian and 4 more 7 Cabextract, Ubuntu Linux, Debian Linux and 4 more 2022-10-25 4.3 MEDIUM 6.5 MEDIUM
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
CVE-2017-11423 2 Clamav, Libmspack Project 2 Clamav, Libmspack 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
CVE-2014-9556 2 Libmspack Project, Opensuse 2 Libmspack, Opensuse 2018-10-30 5.0 MEDIUM N/A
Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.
CVE-2017-6419 2 Clamav, Libmspack Project 2 Clamav, Libmspack 2018-10-21 6.8 MEDIUM 7.8 HIGH
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
CVE-2015-4472 1 Libmspack Project 1 Libmspack 2016-12-21 6.8 MEDIUM N/A
Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.
CVE-2014-9732 1 Libmspack Project 1 Libmspack 2016-11-28 4.3 MEDIUM N/A
The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.
CVE-2015-4467 1 Libmspack Project 1 Libmspack 2016-06-27 4.3 MEDIUM N/A
The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.
CVE-2015-4470 1 Libmspack Project 1 Libmspack 2016-06-09 4.3 MEDIUM N/A
Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.
CVE-2015-4469 1 Libmspack Project 1 Libmspack 2016-06-09 4.3 MEDIUM N/A
The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
CVE-2015-4471 1 Libmspack Project 1 Libmspack 2016-06-09 4.3 MEDIUM N/A
Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.
CVE-2015-4468 1 Libmspack Project 1 Libmspack 2016-06-09 4.3 MEDIUM N/A
Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.