Your submission was sent successfully! Close

CVE-2018-14679

Published: 28 July 2018

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

Notes

AuthorNote
mdeslaur
clamav in xenial+ uses the system libmspack, trusty uses
the embedded one.
Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
clamav
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(uses system libmspack)
cosmic Not vulnerable
(uses system libmspack)
disco Not vulnerable
(uses system libmspack)
precise
Released (0.100.1+dfsg-1ubuntu0.12.04.3)
trusty
Released (0.100.1+dfsg-1ubuntu0.14.04.3)
upstream Needs triage

xenial Not vulnerable
(uses system libmspack)
libmspack
Launchpad, Ubuntu, Debian
bionic
Released (0.6-3ubuntu0.1)
cosmic Not vulnerable
(0.7-1)
disco Not vulnerable
(0.7-1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (0.7)
xenial
Released (0.5-1ubuntu0.16.04.2)
Patches:
upstream: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a