libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.
References
Link | Resource |
---|---|
https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d | Patch Third Party Advisory |
https://github.com/kyz/libmspack/issues/27 | Exploit Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/08/msg00028.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/10/msg00033.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXWNEY4CJBLPRKV6LG7FQUPD6WVZYBTB/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2QJTUAGP22YY7453MHGTFN4YQE5HJBR/ | |
https://usn.ubuntu.com/4066-1/ | Third Party Advisory |
https://usn.ubuntu.com/4066-2/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
30 Nov 2021, 18:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXWNEY4CJBLPRKV6LG7FQUPD6WVZYBTB/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2QJTUAGP22YY7453MHGTFN4YQE5HJBR/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00033.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/08/msg00028.html - Mailing List, Third Party Advisory |
17 Nov 2021, 22:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Nov 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Oct 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-07-15 15:15
Updated : 2024-02-04 20:20
NVD link : CVE-2019-1010305
Mitre link : CVE-2019-1010305
CVE.ORG link : CVE-2019-1010305
JSON object : View
Products Affected
canonical
- ubuntu_linux
debian
- debian_linux
kyzer
- libmspack
fedoraproject
- fedora
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer