CVE-2019-1010305 (retired)

Priority
Description
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is:
Information Disclosure. The component is: function chmd_read_headers() in
libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim
must open a specially crafted chm file. The fixed version is: after commit
2f084136cfe0d05e5bf5703f3e83c6d955234b4d.
Notes
 mdeslaur> clamav in xenial+ uses the system libmspack, trusty uses
 mdeslaur> the embedded one.
Assigned-to
leosilva
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (0.100.3+dfsg-1ubuntu0.12.04.2)
Ubuntu 14.04 ESM (Trusty Tahr):released (0.100.3+dfsg-0ubuntu0.14.04.1+esm1)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system libmspack)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system libmspack)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system libmspack)
Ubuntu 19.10 (Eoan):not-affected (uses system libmspack)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (0.5-1ubuntu0.16.04.4)
Ubuntu 18.04 LTS (Bionic Beaver):released (0.6-3ubuntu0.3)
Ubuntu 19.04 (Disco Dingo):released (0.10.1-1)
Ubuntu 19.10 (Eoan):released (0.10.1-1)
More Information

Updated: 2019-07-24 13:15:52 UTC (commit a287546e8136670c5866b28fff2bebda1d92a7e1)