MGASA-2018-0455

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0455.html

Import Source

https://advisories.mageia.org/MGASA-2018-0455.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2018-0455

Related

Published

2018-11-17T22:23:26Z

Modified

2018-11-17T21:58:01Z

Summary

Updated libmspack/cabextract packages fix security vulnerabilities

Details

Hanno BÃ¶ck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service (CVE-2018-14679, CVE-2018-14680).

Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code (CVE-2018-14681).

Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM files. An attacker could possibly use this issue to execute arbitrary code (CVE-2018-14682).

If a CAB file has a Quantum-compressed datablock with exactly 38912 compressed bytes, cabextract would write exactly one byte beyond its input buffer (CVE-2018-18584).

libmspack didn't reject blank CHM filenames that are blank because they have embedded null bytes, not just because they are zero-length (CVE-2018-18585).

chmextract didn't protect from absolute/relative pathnames in CHM files (CVE-2018-18586).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2018-0455

Affected packages