SB2018080142 - Fedora EPEL 7 update for libmspack

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018080142

SB2018080142 - Fedora EPEL 7 update for libmspack

Published: August 1, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018080142
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Stack-based buffer overflow (CVE-ID: CVE-2018-14679)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to stack-based buffer overflow the read_chunk function, as defined in the mspack/chmd.c source code file. A local attacker can send a specially crafted request that submits malicious input, trigger memory corruption and cause the service to crash.


2) Improper input validation (CVE-ID: CVE-2018-14680)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to the chmd_read_headers() function, as defined in the mspack/chmd.c source code file of the affected software, does not reject blank CHM filenames. A local attacker can submit a CHM file with a blank filename and cause the service to crash.


3) Stack-based buffer overflow (CVE-ID: CVE-2018-14682)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to stack-based buffer overflow in the tolower macro, as defined in the mspack/chmd.c source code file. A local attacker can send a specially crafted request that submits malicious input, trigger memory corruption and cause the service to crash.


Remediation

Install update from vendor's website.

References