Executive Summary
| Summary | |
|---|---|
| Title | New chmlib packages fix several vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | DSA-886 | First vendor Publication | 2005-11-07 |
| Vendor | Debian | Last vendor Modification | 2005-11-07 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several vulnerabilities have been discovered in chmlib, a library for dealing with CHM format files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-2659 Palasik Sandor discoverd a buffer overflow in the LZX decompression method. CVE-2005-2930 A buffer overflow has been discovered that could lead to the execution of arbitrary code. CVE-2005-3318 Sven Tantau discoverd a buffer overflow that could lead to the execution of arbitrary code. The old stable distribution (woody) does not contain chmlib packages. For the stable distribution (sarge) these problems have been fixed in version 0.35-6sarge1. For the unstable distribution (sid) these problems have been fixed in version 0.37-2. We recommend that you upgrade your chmlib packages. |
Original Source
| Url : http://www.debian.org/security/2005/dsa-886 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200511-23 (chmlib kchmviewer) File : nvt/glsa_200511_23.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 886-1 (chmlib) File : nvt/deb_886_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 20974 | chmlib LZX Decompression Overflow |
| 20512 | chmlib chm_lib.c _chm_find_in_PMGL element Overflow |
| 20335 | chmlib _chm_decompress_block() Function CHM File Processing Overflow A remote overflow exists in chmlib. The library function "_chm_decompress_block()" fails to perform proper bounds checking, resulting in a stack-based buffer overflow. With a specially crafted CHM file, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-886.nasl - Type : ACT_GATHER_INFO |
| 2005-12-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200511-23.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:34:37 |
|
| 2013-05-11 12:19:16 |
|
