PT-2017-3937 · Caolan Mcnamara+5 · Libmspack+5

Jakub Wilk · Published 2016-02-07 · Updated 2026-02-06 · CVE-2018-14681

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libmspack versions prior to 0.7alpha

Description

The issue is in the kwajd_read_headers function in libmspack, where bad KWAJ file header extensions can cause a one- or two-byte overwrite. This can lead to a buffer overflow in memory. Exploitation of this issue may allow a remote attacker to cause a denial of service using a KWAJ file.

Recommendations

For versions prior to 0.7alpha, update to version 0.7alpha or later to resolve the issue. As a temporary workaround, consider restricting the use of the kwajd_read_headers function until a patch is available. Avoid using the kwajd_read_headers function with untrusted KWAJ files to minimize the risk of exploitation.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1082
ALT-PU-2018-2498
BDU:2020-01873
CESA-2018_3327
CLEANSTART-2026-LA13761
CLEANSTART-2026-NJ87139
CLEANSTART-2026-TC95380
CLEANSTART-2026-WX01708
CVE-2018-14681
DLA-1460-1
DSA-4260-1
MGASA-2018-0455
OPENSUSE-SU-2018_3315-1
OPENSUSE-SU-2018_3505-1
OPENSUSE-SU-2021:1200-1
OPENSUSE-SU-2021:2802-1
OPENSUSE-SU-2021_1200-1
OPENSUSE-SU-2021_2802-1
OPENSUSE-SU-2024:10958-1
RHSA-2018:3327
RHSA-2018_3327
SUSE-SU-2018:3250-1
SUSE-SU-2018:3436-1
SUSE-SU-2018:3436-2
SUSE-SU-2018:3441-1
SUSE-SU-2021:2765-1
SUSE-SU-2021:2802-1
SUSE-SU-2021_2765-1
USN-3728-1
USN-3728-2
USN-3728-3
USN-3789-2
USN-7788-1

Affected Products

ALT Linux
CentOS
Red Hat
SUSE
Ubuntu
libmspack