Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-1010305

Published: 15 July 2019

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.

Notes

AuthorNote
mdeslaur 
clamav in xenial+ uses the system libmspack, trusty uses
the embedded one.

Priority

Medium

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package Release Status
clamav
Launchpad, Ubuntu, Debian 		bionic Not vulnerable
(uses system libmspack)
cosmic Not vulnerable
(uses system libmspack)
disco Not vulnerable
(uses system libmspack)
focal Not vulnerable
(uses system libmspack)
jammy Not vulnerable
(uses system libmspack)
kinetic Not vulnerable
(uses system libmspack)
lunar Not vulnerable
(uses system libmspack)
upstream Needs triage

xenial Not vulnerable
(uses system libmspack)
libmspack
Launchpad, Ubuntu, Debian 		bionic
Released (0.6-3ubuntu0.3)
cosmic Ignored
(reached end-of-life)
disco
Released (0.10.1-1)
focal
Released (0.10.1-1)
jammy
Released (0.10.1-1)
kinetic
Released (0.10.1-1)
lunar
Released (0.10.1-1)
trusty Needed

upstream Needs triage

xenial
Released (0.5-1ubuntu0.16.04.4)

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading