CVE-2017-11423

Published: 18 July 2017

The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package     Release    Status

clamav (Launchpad, Ubuntu, Debian)
            artful     Not vulnerable (uses system libmspack)
            bionic     Not vulnerable (uses system libmspack)
            cosmic     Not vulnerable (uses system libmspack)
            disco      Not vulnerable (uses system libmspack)
            precise    Not vulnerable (code not present)
            trusty     Not vulnerable (code not present)
            upstream   Needs triage
            xenial     Not vulnerable (uses system libmspack)
            zesty      Not vulnerable (uses system libmspack)

libmspack (Launchpad, Ubuntu, Debian)
            artful     Not vulnerable (0.6-3)
            bionic     Not vulnerable (0.6-3)
            cosmic     Not vulnerable (0.6-3)
            disco      Not vulnerable (0.6-3)
            precise    Does not exist
            trusty     Does not exist (trusty was needed)
            upstream   Released (0.6-1)
            xenial     Released (0.5-1ubuntu0.16.04.1)
            yakkety    Ignored (reached end-of-life)
            zesty      Released (0.5-1ubuntu0.17.04.1)