Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jed_wing | chm_lib | 0.35 |
Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via a CHM file containing a long element, a different vulnerability than CVE-2005-3318.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jed_wing | chm_lib | 0.2 |
| jed_wing | chm_lib | 0.32 |
| jed_wing | chm_lib | 0.1 |
| jed_wing | chm_lib | 0.35 |
| jed_wing | chm_lib | 0.3 |
| jed_wing | chm_lib | 0.31 |
| jed_wing | chm_lib | 0.33 |
Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jed_wing | chm_lib | 0.2 |
| jed_wing | chm_lib | 0.32 |
| jed_wing | chm_lib | 0.1 |
| jed_wing | chm_lib | 0.36 |
| jed_wing | chm_lib | 0.35 |
| jed_wing | chm_lib | 0.3 |
| jed_wing | chm_lib | 0.31 |
| jed_wing | chm_lib | 0.33 |
Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jed_wing | chm_lib | * |