Vulnerabilities > CVE-2018-14679 - Off-by-one Error vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-847FE2ED61.NASL
    descriptionClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the following ClamAV vulnerabilities: CVE-2018-15378: Vulnerability in ClamAV
    last seen2020-06-05
    modified2019-01-03
    plugin id120579
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120579
    titleFedora 29 : clamav (2018-847fe2ed61)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-847fe2ed61.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120579);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-14679", "CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682", "CVE-2018-15378");
      script_xref(name:"FEDORA", value:"2018-847fe2ed61");
    
      script_name(english:"Fedora 29 : clamav (2018-847fe2ed61)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "ClamAV 0.100.2 has been released! This is a patch release to address
    several vulnerabilities.
    
    Fixes for the following ClamAV vulnerabilities: CVE-2018-15378:
    Vulnerability in ClamAV's MEW unpacking feature that could allow an
    unauthenticated, remote attacker to cause a denial-of-service (DoS)
    condition on an affected device. Reported by Secunia Research at
    Flexera. Fix for a two-byte buffer over-read bug in ClamAV's PDF
    parsing code. Reported by Alex Gaynor. Fixes for the following
    vulnerabilities in bundled third-party libraries: CVE-2018-14680: An
    issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It
    does not reject blank CHM filenames. CVE-2018-14681: An issue was
    discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before
    0.7alpha. Bad KWAJ file header extensions could cause a one- or
    two-byte overwrite. CVE-2018-14682: An issue was discovered in
    mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one
    error in the TOLOWER() macro for CHM decompression. Additionally,
    0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and applied
    libmspack's version of the fix in its place
    
    Other changes: Some users have reported freshclam signature
    update failures as a result of a delay between the time the
    new signature database content is announced and the time
    that the content-delivery-network has the content available
    for download. To mitigate these errors, this patch release
    includes some modifications to freshclam to make it more
    lenient, and to reduce the time that freshclam will ignore a
    mirror when it detects an issue. On-Access 'Extra Scanning,'
    an opt-in minor feature of OnAccess scanning on Linux
    systems, has been disabled due to a known issue with
    resource cleanup OnAccessExtraScanning will be re-enabled in
    a future release when the issue is resolved. In the
    mean-time, users who enabled the feature in clamd.conf will
    see a warning informing them that the feature is not active.
    For details, click here.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-847fe2ed61"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected clamav package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"clamav-0.100.2-2.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3728-1.NASL
    descriptionHanno Bock discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14679, CVE-2018-14680) Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14681) Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14682). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111513
    published2018-08-02
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111513
    titleUbuntu 16.04 LTS / 18.04 LTS : libmspack vulnerabilities (USN-3728-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3728-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111513);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2018-14679", "CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682");
      script_xref(name:"USN", value:"3728-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : libmspack vulnerabilities (USN-3728-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Hanno Bock discovered that libmspack incorrectly handled certain CHM
    files. An attacker could possibly use this issue to cause a denial of
    service. (CVE-2018-14679, CVE-2018-14680)
    
    Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ
    files. An attacker could possibly use this issue to execute arbitrary
    code. (CVE-2018-14681)
    
    Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM
    files. An attacker could possibly use this issue to execute arbitrary
    code. (CVE-2018-14682).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3728-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libmspack0 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmspack0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"libmspack0", pkgver:"0.5-1ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libmspack0", pkgver:"0.6-3ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmspack0");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4260.NASL
    descriptionSeveral vulnerabilities were discovered in libsmpack, a library used to handle Microsoft compression formats. A remote attacker could craft malicious CAB, CHM or KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id111521
    published2018-08-03
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111521
    titleDebian DSA-4260-1 : libmspack - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4260. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111521);
      script_version("1.4");
      script_cvs_date("Date: 2018/11/13 12:30:47");
    
      script_cve_id("CVE-2018-14679", "CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682");
      script_xref(name:"DSA", value:"4260");
    
      script_name(english:"Debian DSA-4260-1 : libmspack - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered in libsmpack, a library used
    to handle Microsoft compression formats. A remote attacker could craft
    malicious CAB, CHM or KWAJ files and use these flaws to cause a denial
    of service via application crash, or potentially execute arbitrary
    code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904799"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904800"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904801"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/libmspack"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/libmspack"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2018/dsa-4260"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the libmspack packages.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 0.5-1+deb9u2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmspack");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"libmspack-dbg", reference:"0.5-1+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libmspack-dev", reference:"0.5-1+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libmspack-doc", reference:"0.5-1+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libmspack0", reference:"0.5-1+deb9u2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1146.NASL
    descriptionAn issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.(CVE-2018-14681) An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.(CVE-2018-14682) An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.(CVE-2018-14680) A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the
    last seen2020-03-17
    modified2019-01-14
    plugin id121131
    published2019-01-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121131
    titleAmazon Linux AMI : clamav (ALAS-2019-1146)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201903-20.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201903-20 (cabextract, libmspack: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cabextract and libmspack. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE&rsquo;s for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id123426
    published2019-03-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123426
    titleGLSA-201903-20 : cabextract, libmspack: Multiple vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181030_LIBMSPACK_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) - libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) - libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) - libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682)
    last seen2020-03-18
    modified2018-11-27
    plugin id119191
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119191
    titleScientific Linux Security Update : libmspack on SL7.x x86_64 (20181030)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-EFF94DA132.NASL
    descriptionClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the following ClamAV vulnerabilities: CVE-2018-15378: Vulnerability in ClamAV
    last seen2020-06-05
    modified2019-01-03
    plugin id120891
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120891
    titleFedora 28 : clamav (2018-eff94da132)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3327.NASL
    descriptionAn update for libmspack is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. Security Fix(es) : * libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) * libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) * libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) * libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id119004
    published2018-11-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119004
    titleCentOS 7 : libmspack (CESA-2018:3327)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-1FC39F2D13.NASL
    descriptionClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the following ClamAV vulnerabilities: CVE-2018-15378: Vulnerability in ClamAV
    last seen2020-06-05
    modified2018-10-17
    plugin id118159
    published2018-10-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118159
    titleFedora 27 : clamav (2018-1fc39f2d13)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3728-2.NASL
    descriptionUSN-3728-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details : Hanno Bock discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-14679, CVE-2018-14680) Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14681) Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-14682). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111526
    published2018-08-03
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111526
    titleUbuntu 14.04 LTS : clamav vulnerabilities (USN-3728-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3327.NASL
    descriptionAn update for libmspack is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. Security Fix(es) : * libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) * libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) * libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) * libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118541
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118541
    titleRHEL 7 : libmspack (RHSA-2018:3327)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-889.NASL
    descriptionThis update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed : - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed a out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made : - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-08-20
    plugin id111998
    published2018-08-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111998
    titleopenSUSE Security Update : clamav (openSUSE-2018-889)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-DDDA173F56.NASL
    descriptionNew upstream version 0.7alpha. Fixes CVE-2018-14679 libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120849
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120849
    titleFedora 28 : libmspack (2018-ddda173f56)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1460.NASL
    descriptionIt was discovered that there were several vulnerabilities in libsmpack, a library used to handle Microsoft compression formats. A remote attacker could craft malicious .CAB, .CHM or .KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id111556
    published2018-08-07
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111556
    titleDebian DLA-1460-1 : libmspack security update
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0217_LIBMSPACK.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libmspack packages installed that are affected by multiple vulnerabilities: - An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). (CVE-2018-14679) - In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (CVE-2018-18584) - chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has
    last seen2020-06-01
    modified2020-06-02
    plugin id131413
    published2019-12-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131413
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : libmspack Multiple Vulnerabilities (NS-SA-2019-0217)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1152.NASL
    descriptionAn issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.(CVE-2018-14682) An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.(CVE-2018-14680) An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).(CVE-2018-14679) An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.(CVE-2018-14681)
    last seen2020-03-17
    modified2019-01-25
    plugin id121365
    published2019-01-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121365
    titleAmazon Linux 2 : libmspack (ALAS-2019-1152)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3327.NASL
    descriptionFrom Red Hat Security Advisory 2018:3327 : An update for libmspack is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft. Security Fix(es) : * libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) * libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) * libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) * libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118783
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118783
    titleOracle Linux 7 : libmspack (ELSA-2018-3327)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2323-2.NASL
    descriptionThis update for clamav to version 0.100.1 fixes the following issues : The following security vulnerabilities were addressed : CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) CVE-2018-1000085: Fixed a out-of-bounds heap read in XAR parser (bsc#1082858) CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) Buffer over-read in unRAR code due to missing max value checks in table initialization PDF parser bugs The following other changes were made: Disable YARA support for licensing reasons (bsc#1101654). Add HTTPS support for clamsubmit Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118280
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118280
    titleSUSE SLES12 Security Update : clamav (SUSE-SU-2018:2323-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1435.NASL
    descriptionAccording to the versions of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) - libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) - libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) - libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-12-28
    plugin id119924
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119924
    titleEulerOS 2.0 SP2 : libmspack (EulerOS-SA-2018-1435)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1436.NASL
    descriptionAccording to the versions of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679) - libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680) - libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681) - libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-12-28
    plugin id119925
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119925
    titleEulerOS 2.0 SP3 : libmspack (EulerOS-SA-2018-1436)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-E1ADECD46C.NASL
    descriptionNew upstream version 0.7alpha. Fixes CVE-2018-14679 libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-08-13
    plugin id111654
    published2018-08-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111654
    titleFedora 27 : libmspack (2018-e1adecd46c)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2323-1.NASL
    descriptionThis update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed : - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed a out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made : - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111744
    published2018-08-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111744
    titleSUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:2323-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0110_LIBMSPACK.NASL
    descriptionAn update of the libmspack package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id122008
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122008
    titlePhoton OS 2.0: Libmspack PHSA-2018-2.0-0110
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8B812395C73911E8AB5B9C5C8E75236A.NASL
    descriptionJoel Esler reports : - CVE-2018-15378 : - Vulnerability in ClamAV
    last seen2020-06-01
    modified2020-06-02
    plugin id117911
    published2018-10-04
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117911
    titleFreeBSD : clamav -- multiple vulnerabilities (8b812395-c739-11e8-ab5b-9c5c8e75236a)

Redhat

advisories
  • rhsa
    idRHSA-2018:3327
  • rhsa
    idRHSA-2018:3505
rpms
  • libmspack-0:0.5-0.6.alpha.el7
  • libmspack-debuginfo-0:0.5-0.6.alpha.el7
  • libmspack-devel-0:0.5-0.6.alpha.el7