CVE-2018-14680

Published: 28 July 2018

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

Notes

Author	Note
mdeslaur	clamav in xenial+ uses the system libmspack, trusty uses the embedded one.

6.5

Package	Release	Status
clamav Launchpad, Ubuntu, Debian	bionic	Not vulnerable (uses system libmspack)
	cosmic	Not vulnerable (uses system libmspack)
	disco	Not vulnerable (uses system libmspack)
	focal	Not vulnerable (uses system libmspack)
	jammy	Not vulnerable (uses system libmspack)
	kinetic	Not vulnerable (uses system libmspack)
	lunar	Not vulnerable (uses system libmspack)
	mantic	Not vulnerable (uses system libmspack)
	trusty	Released (0.100.1+dfsg-1ubuntu0.14.04.3)
	upstream	Needs triage
	xenial	Not vulnerable (uses system libmspack)
libmspack Launchpad, Ubuntu, Debian	bionic	Released (0.6-3ubuntu0.1)
	cosmic	Not vulnerable (0.7-1)
	disco	Not vulnerable (0.7-1)
	focal	Not vulnerable (0.7-1)
	jammy	Not vulnerable (0.7-1)
	kinetic	Not vulnerable (0.7-1)
	lunar	Not vulnerable (0.7-1)
	mantic	Not vulnerable (0.7-1)
	trusty	Needed
	upstream	Released (0.7)
	xenial	Released (0.5-1ubuntu0.16.04.2)
	Patches: upstream: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.