MidnightBSD

Advisories for jed_wing

CVE-2005-2659 HIGH

Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jed_wing chm_lib 0.35
CVE-2005-2930 MEDIUM

Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via a CHM file containing a long element, a different vulnerability than CVE-2005-3318.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
jed_wing chm_lib 0.2
jed_wing chm_lib 0.32
jed_wing chm_lib 0.1
jed_wing chm_lib 0.35
jed_wing chm_lib 0.3
jed_wing chm_lib 0.31
jed_wing chm_lib 0.33
CVE-2005-3318 MEDIUM

Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jed_wing chm_lib 0.2
jed_wing chm_lib 0.32
jed_wing chm_lib 0.1
jed_wing chm_lib 0.36
jed_wing chm_lib 0.35
jed_wing chm_lib 0.3
jed_wing chm_lib 0.31
jed_wing chm_lib 0.33
CVE-2006-3178 MEDIUM

Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jed_wing chm_lib *