CVE-2014-9556 - Numeric Errors vulnerability in Libmspack Project Libmspack 0.4

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, low complexity, libmspack-project, opensuse, CWE-189, nessus

Summary

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.

Vulnerable Configurations

Part | Description | Count
Application | Libmspack_Project | 1
OS | Opensuse | 2

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-2131-1.NASL
    description: This security update fixes the following issues:
      - Fix possible infinite loop caused DoS (bsc919283, CVE-2014-9556)
      - Fix zero dereference (bsc#934524, CVE-2014-9732)
      - Fix off by one (bsc#934527, CVE-2015-4470)
      - Fix buffer under-read crash (bsc#934528, CVE-2015-4471)
      Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87122
    published: 2015-12-01
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87122
    title: SUSE SLED11 Security Update : cabextract (SUSE-SU-2015:2131-1)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-064.NASL
    description: Updated cabextract packages fix security vulnerabilities: Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any remotely-controlled user input, this issue can cause a denial-of-service (CVE-2014-9556). A directory traversal issue in cabextract allows writing to locations outside of the current working directory, when extracting a crafted cab file that encodes the filenames in a certain manner (CVE-2015-2060).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82317
    published: 2015-03-30
    reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82317
    title: Mandriva Linux Security Advisory : cabextract (MDVSA-2015:064)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-233.NASL
    description: Upstream published version 0.98.7. This update updates squeeze-lts to the latest upstream release in line with the approach used for other Debian releases. The changes are not strictly required for operation, but users of the previous version in Squeeze may not be able to make use of all current virus signatures and might get warnings. The bug fixes that are part of this release include security fixes related to packed or crypted files (CVE-2014-9328, CVE-2015-1461, CVE-2015-1462, CVE-2015-1463, CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, and CVE-2015-2668) and several fixes to the embedded libmspack library, including a potential infinite loop in the Quantum decoder (CVE-2014-9556). If you use clamav, we strongly recommend that you upgrade to this version. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2015-05-29
    plugin id: 83888
    published: 2015-05-29
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/83888
    title: Debian DLA-233-1 : clamav security and upstream version update
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_CC7548EF06E111E58FDA002590263BF5.NASL
    description: There is a denial of service vulnerability in libmspack. The libmspack code is built into cabextract, so it is also vulnerable. MITRE reports: Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83942
    published: 2015-06-02
    reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83942
    title: FreeBSD : libmspack -- frame_end overflow which could cause infinite loop (cc7548ef-06e1-11e5-8fda-002590263bf5)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2015-3118.NASL
    description: updated to bugfix release 0.5alpha. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2015-03-17
    plugin id: 81851
    published: 2015-03-17
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81851
    title: Fedora 22 : libmspack-0.5-0.1.alpha.fc22 (2015-3118)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_LIBMSPACK-150305.NASL
    description: This update fixes the following security issue:
      - An integer overflow in the function qtmd_decompress() could have been exploited causing a denial of service (endless loop) (bnc##912214). (CVE-2014-9556)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81878
    published: 2015-03-17
    reporter: This script is Copyright (C) 2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81878
    title: SuSE 11.3 Security Update : libmspack (SAT Patch Number 10402)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2015-3205.NASL
    description: updated to bugfix release 0.5alpha. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2015-03-17
    plugin id: 81855
    published: 2015-03-17
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81855
    title: Fedora 20 : libmspack-0.5-0.1.alpha.fc20 (2015-3205)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-041.NASL
    description: Updated cabextract packages fix security vulnerability: Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any remotely-controlled user input, this issue can cause a denial-of-service (CVE-2014-9556).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81282
    published: 2015-02-11
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81282
    title: Mandriva Linux Security Advisory : cabextract (MDVSA-2015:041)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2015-3249.NASL
    description: updated to bugfix release 0.5alpha. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2015-03-17
    plugin id: 81857
    published: 2015-03-17
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81857
    title: Fedora 21 : libmspack-0.5-0.1.alpha.fc21 (2015-3249)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-208.NASL
    description: This update fixes previous security update, which was not considered as complete.
    last seen: 2020-06-05
    modified: 2015-03-10
    plugin id: 81720
    published: 2015-03-10
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81720
    title: openSUSE Security Update : libmspack (openSUSE-2015-208)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-87.NASL
    description: libmspack was updated to fix a possible infinite loop caused DoS (bnc912214, CVE-2014-9556).
    last seen: 2020-06-05
    modified: 2015-02-03
    plugin id: 81137
    published: 2015-02-03
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81137
    title: openSUSE Security Update : libmspack (openSUSE-SU-2015:0187-1)