Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libmspack_project | libmspack | 0.4 |
The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libmspack_project | libmspack | * |
The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libmspack_project | libmspack | * |
Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libmspack_project | libmspack | * |
The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libmspack_project | libmspack | * |
Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libmspack_project | libmspack | * |
Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libmspack_project | libmspack | * |
Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libmspack_project | libmspack | * |
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libmspack_project | libmspack | 0.5 |
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libmspack_project | libmspack | 0.5 |
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libmspack_project | libmspack | 0.5 |
| canonical | ubuntu_linux | 18.04 |
| starwindsoftware | starwind_virtual_san | - |
| libmspack_project | libmspack | 0.7 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux | 7.0 |
| cabextract_project | cabextract | * |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
| suse | linux_enterprise_server | 12 |
| debian | debian_linux | 8.0 |
| suse | linux_enterprise_server | 11 |
| canonical | ubuntu_linux | 18.10 |
| libmspack_project | libmspack | 0.4 |
| libmspack_project | libmspack | 0.3 |
| libmspack_project | libmspack | 0.6 |
| libmspack_project | libmspack | 0.7.1 |