CVE-2019-1010305

Name: CVE-2019-1010305
Description: libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1895-1
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libmspack (PTS) | jessie | 0.5-1+deb8u1 | vulnerable |
| | jessie (security) | 0.5-1+deb8u4 | fixed |
| | stretch | 0.5-1+deb9u3 | vulnerable |
| | stretch (security) | 0.5-1+deb9u2 | vulnerable |
| | bullseye, sid, buster | 0.10.1-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libmspack | source | (unstable) | 0.10.1-1 | medium | | |
| libmspack | source | jessie | 0.5-1+deb8u4 | medium | DLA-1895-1 | |

Notes

https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
https://github.com/kyz/libmspack/issues/27
