CVE-2019-1010305

Summary

CVE	CVE-2019-1010305
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-07-15 15:15:00 UTC
Updated	2023-11-07 03:02:00 UTC
Description	libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	29	All	All	All
Operating System	Fedoraproject	Fedora	30	All	All	All
Operating System	Fedoraproject	Fedora	29	All	All	All
Operating System	Fedoraproject	Fedora	30	All	All	All
Application	Kyzer	Libmspack	0.9.1	alpha	All	All
Application	Kyzer	Libmspack	0.9.1	alpha	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 29 Update: libmspack-0.10.1-0.1.alpha.fc29 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Heap buffer overflow in chmd_read_headers() · Issue #27 · kyz/libmspack · GitHub	MISC	github.com	Exploit, Issue Tracking, Third Party Advisory
[SECURITY] Fedora 29 Update: libmspack-0.10.1-0.1.alpha.fc29 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Third Party Advisory
[SECURITY] Fedora 30 Update: libmspack-0.10.1-0.1.alpha.fc30 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Third Party Advisory
length checks when looking for control files · kyz/libmspack@2f08413 · GitHub	MISC	github.com	Patch, Third Party Advisory
USN-4066-1: libmspack vulnerability \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com	Third Party Advisory
[SECURITY] Fedora 30 Update: libmspack-0.10.1-0.1.alpha.fc30 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] [DLA 2805-1] libmspack security update	MLIST	lists.debian.org
[SECURITY] [DLA 1895-1] libmspack security update	MLIST	lists.debian.org
USN-4066-2: ClamAV vulnerability \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

178864 Debian Security Update for libmspack (DLA 2805-1)
377311 Alibaba Cloud Linux Security Update for libmspack (ALINUX2-SA-2020:0121)
377569 Alibaba Cloud Linux Security Update for libmspack (ALINUX3-SA-2022:0058)
501041 Alpine Linux Security Update for libmspack
940122 AlmaLinux Security Update for libmspack (ALSA-2020:1686)
960414 Rocky Linux Security Update for libmspack (RLSA-2020:1686)