PT-2015-4271 · Microsoft+1 · Libmspack+1

Jakub Wilk

Published

2015-01-30

Updated

2018-10-30

CVE-2014-9556

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions libmspack version 0.4

Description The issue is caused by an integer overflow in the qtmd decompress function, which allows remote attackers to cause a denial of service via a crafted CAB file. This triggers an infinite loop.

Recommendations For libmspack version 0.4, update to a version that fixes the integer overflow in the qtmd decompress function to prevent remote attackers from causing a denial of service.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2014-9556

MGASA-2015-0052

OPENSUSE-SU-2024:10365-1

SUSE-SU-2015:0366-1

SUSE-SU-2015:0506-1

SUSE-SU-2015:0508-1

SUSE-SU-2015:2131-1

SUSE-SU-2015_0366-1

SUSE-SU-2015_0506-1

SUSE-SU-2015_0508-1

SUSE-SU-2015_2131-1

Affected Products

Suse

Libmspack

PT-2015-4271 · Microsoft+1 · Libmspack+1

CVE-2014-9556

Weakness Enumeration

Related Identifiers

Affected Products

References · 46