PT-2019-4926 · Libmspack+6

Jshuang · Published 2019-02-18 · Updated 2025-10-01 · CVE-2019-1010305

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: libmspack version 0.9.1alpha

Description: The issue is caused by a buffer overflow in the chmd_read_headers() function in the libmspack library, which can allow a remote attacker to disclose protected information using a specially crafted chm file. The attack vector involves the victim opening a maliciously created chm file.

Recommendations: For libmspack version 0.9.1alpha, update to a version after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d to resolve the issue. As a temporary workaround, consider avoiding the use of the chmd_read_headers() function until a patch is available. Restrict access to specially crafted chm files to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2020:1686
BDU:2020-01531
CESA-2020_1686
CESA-2020_3848
CVE-2019-1010305
DLA-1895-1
DLA-2805-1
MGASA-2019-0248
OPENSUSE-SU-2020:0746-1
OPENSUSE-SU-2020_0746-1
OPENSUSE-SU-2024:13619-1
RHSA-2020:1686
RHSA-2020:3848
RHSA-2020_1686
RHSA-2020_3848
RLSA-2020:1686
SUSE-SU-2020:1493-1
SUSE-SU-2020:2711-1
SUSE-SU-2020_1493-1
USN-4066-1
USN-4066-2
USN-7788-1

Affected Products

AlmaLinux
CentOS
Red Hat
Rocky Linux
SUSE
Ubuntu
Libmspack