This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Libmspack Project
Product: Libmspack
Version: 0.4
Type: Application
First view: 2015-02-03
Last view: 2015-06-11
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:libmspack_project:libmspack

Related : CVE

CVSS Date Alert Description
6.8 2015-06-11 CVE-2015-4472

Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.

4.3 2015-06-11 CVE-2015-4471

Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.

4.3 2015-06-11 CVE-2015-4470

Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.

4.3 2015-06-11 CVE-2015-4469

The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.

4.3 2015-06-11 CVE-2015-4468

Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.

4.3 2015-06-11 CVE-2015-4467

The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.

4.3 2015-06-11 CVE-2014-9732

The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.

5 2015-02-03 CVE-2014-9556

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.

CWE : Common Weakness Enumeration

% id Name
85% (6) CWE-189 Numeric Errors
14% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Nessus® Vulnerability Scanner

Date Description
2016-01-12 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0011-1.nasl - Type: ACT_GATHER_INFO
2015-12-09 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-2215-1.nasl - Type: ACT_GATHER_INFO
2015-12-01 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-2131-1.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201506-01.nasl - Type: ACT_GATHER_INFO
2015-06-02 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_cc7548ef06e111e58fda002590263bf5.nasl - Type: ACT_GATHER_INFO
2015-05-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-233.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2015-064.nasl - Type: ACT_GATHER_INFO
2015-03-17 Name: The remote Fedora host is missing a security update.
File: fedora_2015-3118.nasl - Type: ACT_GATHER_INFO
2015-03-17 Name: The remote Fedora host is missing a security update.
File: fedora_2015-3205.nasl - Type: ACT_GATHER_INFO
2015-03-17 Name: The remote Fedora host is missing a security update.
File: fedora_2015-3249.nasl - Type: ACT_GATHER_INFO
2015-03-17 Name: The remote SuSE 11 host is missing a security update.
File: suse_11_libmspack-150305.nasl - Type: ACT_GATHER_INFO
2015-03-10 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-208.nasl - Type: ACT_GATHER_INFO
2015-02-11 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2015-041.nasl - Type: ACT_GATHER_INFO
2015-02-03 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-87.nasl - Type: ACT_GATHER_INFO