Your submission was sent successfully! Close

CVE-2018-14681

Published: 28 July 2018

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

Notes

AuthorNote
mdeslaur
clamav in xenial+ uses the system libmspack, trusty uses
the embedded one.
Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
clamav
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(uses system libmspack)
cosmic Not vulnerable
(uses system libmspack)
disco Not vulnerable
(uses system libmspack)
precise
Released (0.100.1+dfsg-1ubuntu0.12.04.3)
trusty
Released (0.100.1+dfsg-1ubuntu0.14.04.3)
upstream Needs triage

xenial Not vulnerable
(uses system libmspack)
libmspack
Launchpad, Ubuntu, Debian
bionic
Released (0.6-3ubuntu0.1)
cosmic Not vulnerable
(0.7-1)
disco Not vulnerable
(0.7-1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (0.7)
xenial
Released (0.5-1ubuntu0.16.04.2)
Patches:
upstream: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8