PT-2019-4926 · Libmspack+6
Jshuang · Published 2019-02-18 · Updated 2025-10-01
CVE-2019-1010305
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
libmspack version 0.9.1alpha
Description
The issue is caused by a buffer overflow in the chmd_read_headers() function in the libmspack library, which can allow a remote attacker to disclose protected information using a specially crafted chm file. The attack vector involves the victim opening a maliciously created chm file.
Recommendations
For libmspack version 0.9.1alpha, update to a version after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d to resolve the issue. As a temporary workaround, consider avoiding the use of the chmd_read_headers() function until a patch is available. Restrict access to specially crafted chm files to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Centos
Red Hat
Rocky Linux
Suse
Ubuntu
Libmspack