CVE-2018-14679

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.7alpha

Description An issue was discovered in the chmd.c file of libmspack, where an off-by-one error in the CHM PMGI/PMGL chunk number validity checks could lead to denial of service. This occurs due to an uninitialized data dereference, resulting in an application crash.

Recommendations For versions prior to 0.7alpha, update to version 0.7alpha or later to resolve the issue. As a temporary workaround, consider restricting the use of the chmd.c file until a patch is available.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-193

Related Identifiers

ALT-PU-2016-1082

CESA-2018_3327

CVE-2018-14679

DLA-1460-1

DSA-4260-1

MGASA-2018-0455

OPENSUSE-SU-2018_2406-1

OPENSUSE-SU-2021:1200-1

OPENSUSE-SU-2021:2802-1

OPENSUSE-SU-2021_1200-1

OPENSUSE-SU-2021_2802-1

OPENSUSE-SU-2024:10958-1

OPENSUSE-SU-2025:14683-1

OPENSUSE-SU-2025_0327-1

RHSA-2018:3327

RHSA-2018_3327

SUSE-SU-2018:2323-1

SUSE-SU-2018:2323-2

SUSE-SU-2021:14850-1

SUSE-SU-2021:2802-1

SUSE-SU-2021:3853-1

SUSE-SU-2021:3859-1

SUSE-SU-2021_14850-1

SUSE-SU-2021_2802-1

SUSE-SU-2021_3853-1

SUSE-SU-2021_3859-1

SUSE-SU-2025:0325-1

SUSE-SU-2025:0327-1

SUSE-SU-2025:0328-1

USN-3728-1

USN-3728-2

USN-3728-3

USN-3789-2

USN-7788-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libmspack

CVE-2018-14679

Weakness Enumeration

Related Identifiers

Affected Products

References · 101