CVE-2015-4472

Published: 11 June 2015

Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.

Priority

Status

Package	Release	Status
libmspack Launchpad, Ubuntu, Debian	artful	Not vulnerable
	bionic	Not vulnerable
	cosmic	Not vulnerable
	disco	Not vulnerable
	focal	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	lunar	Not vulnerable
	mantic	Not vulnerable
	precise	Does not exist
	trusty	Needed
	upstream	Released (0.4-3)
	utopic	Ignored (end of life)
	vivid	Not vulnerable (0.5-1)
	wily	Not vulnerable
	xenial	Not vulnerable
	yakkety	Not vulnerable
	zesty	Not vulnerable

References

http://www.openwall.com/lists/oss-security/2015/02/03/11
https://bugs.debian.org/775687
http://openwall.com/lists/oss-security/2015/02/03/11
https://www.cve.org/CVERecord?id=CVE-2015-4472
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775687

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›