PT-2018-12657 · Mspack+5 · Libmspack+5

Hanno Böck

Published

2016-02-07

Updated

2026-02-06

CVE-2018-14680

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libmspack versions prior to 0.7alpha

Description An issue was discovered in mspack/chmd.c where it does not reject blank CHM filenames.

Recommendations For versions prior to 0.7alpha, update to version 0.7alpha or later to resolve the issue. As a temporary workaround, consider validating CHM filenames to reject blank names until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2016-1082

ALT-PU-2018-2498

CESA-2018_3327

CLEANSTART-2026-LA13761

CLEANSTART-2026-NJ87139

CLEANSTART-2026-TC95380

CLEANSTART-2026-WX01708

CVE-2018-14680

DLA-1460-1

DSA-4260-1

MGASA-2018-0455

OPENSUSE-SU-2018_3315-1

OPENSUSE-SU-2018_3505-1

OPENSUSE-SU-2024:10685-1

OPENSUSE-SU-2024:10958-1

RHSA-2018:3327

RHSA-2018_3327

SUSE-SU-2018:3250-1

SUSE-SU-2018:3436-1

SUSE-SU-2018:3436-2

SUSE-SU-2018:3441-1

SUSE-SU-2018_3250-1

SUSE-SU-2018_3436-1

SUSE-SU-2018_3436-2

SUSE-SU-2018_3441-1

USN-3728-1

USN-3728-2

USN-3728-3

USN-3789-2

USN-7788-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libmspack

PT-2018-12657 · Mspack+5 · Libmspack+5

CVE-2018-14680

Weakness Enumeration

Related Identifiers

Affected Products

References · 200