CVE-2019-1010305

Published: Jul 15, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.

Affected (9)

Products: Kyzer: Libmspack · Fedoraproject: Fedora · Debian: Debian Linux · +1 more

Show all products

Kyzer: Libmspack · Fedoraproject: Fedora · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kyzer Libmspack	Version 0.9.1 alpha

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (16)

https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d

Source: josh@bress.net

PatchThird Party Advisory

https://github.com/kyz/libmspack/issues/27

Source: josh@bress.net

ExploitIssue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/08/msg00028.html

Source: josh@bress.net

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/10/msg00033.html

Source: josh@bress.net

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXWNEY4CJBLPRKV6LG7FQUPD6WVZYBTB/

Source: josh@bress.net

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2QJTUAGP22YY7453MHGTFN4YQE5HJBR/

Source: josh@bress.net

https://usn.ubuntu.com/4066-1/

Source: josh@bress.net

Third Party Advisory

https://usn.ubuntu.com/4066-2/

Source: josh@bress.net

Third Party Advisory

https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/kyz/libmspack/issues/27

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/08/msg00028.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/10/msg00033.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXWNEY4CJBLPRKV6LG7FQUPD6WVZYBTB/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2QJTUAGP22YY7453MHGTFN4YQE5HJBR/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4066-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4066-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.