CVE-2017-6419
Summary
| CVE | CVE-2017-6419 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2017-08-07 03:29:00 UTC |
|---|
| Updated | 2018-10-21 10:29:00 UTC |
|---|
| Description | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Debian -- Security Information -- DSA-3946-1 libmspack |
DEBIAN |
www.debian.org |
|
| fixing potential OOB window write when unpacking chm files · Cisco-Talos/clamav-devel@a837736 · GitHub |
MISC |
github.com |
Issue Tracking, Patch, Third Party Advisory |
| varsleak-vul/clamav_chm_crash.md at master · varsleak/varsleak-vul · GitHub |
MISC |
github.com |
Third Party Advisory |
| ClamAV: Multiple vulnerabilities (GLSA 201804-16) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| Bug 11701 – an out-of-range write when clamscan prase chm |
MISC |
bugzilla.clamav.net |
Issue Tracking |
| [SECURITY] [DLA 1279-1] clamav security update |
MLIST |
lists.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 500103 Alpine Linux Security Update for clamav
- 501042 Alpine Linux Security Update for libmspack
- 503827 Alpine Linux Security Update for clamav
- 710259 Gentoo Linux ClamAV Multiple Vulnerabilities (GLSA 201804-16)
