CVE-2019-1010305

Name: CVE-2019-1010305
Description: libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1895-1
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package    Release             Version        Status
libmspack (PTS)   stretch             0.5-1+deb9u3   vulnerable
                  stretch (security)  0.5-1+deb9u2   vulnerable
                  buster              0.10.1-1       fixed
                  bullseye, sid       0.10.1-2       fixed

The information below is based on the following data on fixed versions.

Package    Type    Release     Fixed Version  Urgency  Origin      Debian Bugs
libmspack  source  jessie      0.5-1+deb8u4            DLA-1895-1
libmspack  source  (unstable)  0.10.1-1

Notes

[stretch] - libmspack <no-dsa> (Minor issue)
https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
https://github.com/kyz/libmspack/issues/27
