Project

General

Profile

Bug #9226

[3.8] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)

Added by Alicha CH 8 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
08/10/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-14679: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha.
There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead
to denial of service (uninitialized data dereference and application crash).

Fixed In Version:

libmspack 0.7alpha

References:

http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14679

Patch:

https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a

CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha.
It does not reject blank CHM filenames.

Fixed In Version:

libmspack 0.7alpha

References:

http://openwall.com/lists/oss-security/2018/07/28/1

Patch:

https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a

CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha.
A maliciously crafted KWAJ file header extensions could cause a one or two byte overwrite.

Fixed In Version:

libmspack 0.7alpha

References:

http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14681

Patch:

https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8

CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an
off-by-one error in the TOLOWER macro for CHM decompression.

Fixed In Version:

libmspack 0.7alpha

References:

http://openwall.com/lists/oss-security/2018/07/28/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14682

Patch:

https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8

Associated revisions

Revision 3e3519a9 (diff)
Added by Natanael Copa 8 months ago

main/libmspack: security upgrade to 0.7.1alpha

fixes #9226

History

#2 Updated by Natanael Copa 8 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 8 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)

Also available in: Atom PDF