Skip to main content

Libmspack

18 CVEs product

Monthly

CVE-2019-1010305 MEDIUM POC PATCH This Month

libmspack 0.9.1alpha is affected by: Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libmspack Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2018-18586 MEDIUM POC PATCH This Month

chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Libmspack
NVD GitHub
CVSS 3.0
5.3
EPSS
3.3%
CVE-2018-18585 MEDIUM POC PATCH This Month

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libmspack Debian Linux Enterprise Linux Desktop +5
NVD GitHub
CVSS 3.1
4.3
EPSS
3.1%
CVE-2018-18584 MEDIUM PATCH This Month

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Cabextract Libmspack Debian Linux +4
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2018-14682 HIGH PATCH This Week

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libmspack Cabextract Ubuntu Linux Debian Linux +4
NVD GitHub
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-14681 HIGH PATCH This Week

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Libmspack Cabextract Ubuntu Linux +5
NVD GitHub
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-14680 MEDIUM PATCH This Month

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libmspack Cabextract Ubuntu Linux Debian Linux +4
NVD GitHub
CVSS 3.0
6.5
EPSS
3.8%
CVE-2018-14679 MEDIUM PATCH This Month

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libmspack Cabextract Ubuntu Linux Debian Linux +4
NVD GitHub
CVSS 3.0
6.5
EPSS
3.3%
CVE-2017-6419 HIGH PATCH This Week

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Libmspack
NVD GitHub
CVSS 3.0
7.8
EPSS
2.3%
CVE-2017-11423 MEDIUM This Month

The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libmspack
NVD GitHub
CVSS 3.0
5.5
EPSS
2.8%
CVE-2015-4472 MEDIUM POC This Month

Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-4471 MEDIUM POC PATCH This Month

Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Libmspack
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-4470 MEDIUM POC This Month

Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-4469 MEDIUM POC This Month

The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Libmspack
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-4468 MEDIUM POC This Month

Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-4467 MEDIUM POC This Month

The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9732 MEDIUM POC This Month

The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9556 MEDIUM POC This Month

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
CVSS 2.0
5.0
EPSS
1.1%
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

libmspack 0.9.1alpha is affected by: Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libmspack +3
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC PATCH This Month

chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Libmspack
NVD GitHub
EPSS 3% CVSS 4.3
MEDIUM POC PATCH This Month

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libmspack +7
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Cabextract +6
NVD GitHub
EPSS 4% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libmspack Cabextract +6
NVD GitHub
EPSS 4% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Libmspack +7
NVD GitHub
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libmspack Cabextract +6
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libmspack Cabextract +6
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Libmspack
NVD GitHub
EPSS 3% CVSS 5.5
MEDIUM This Month

The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Libmspack
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Libmspack
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libmspack
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy