Libmspack Kyzer Libmspack

Do you want an email whenever new security vulnerabilities are reported in Kyzer Libmspack?

By the Year

In 2024 there have been 0 vulnerabilities in Kyzer Libmspack . Libmspack did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 1 5.50
2018 2 4.80

It may take a day or so for new Libmspack vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Kyzer Libmspack Security Vulnerabilities

libmspack 0.9.1alpha is affected by: Buffer Overflow

CVE-2019-1010305 5.5 - Medium - July 15, 2019

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.

Buffer Overflow

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename

CVE-2018-18585 4.3 - Medium - October 23, 2018

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

NULL Pointer Dereference

chmextract.c in the chmextract sample program

CVE-2018-18586 5.3 - Medium - October 23, 2018

chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application

Directory traversal

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Kyzer Libmspack or by Kyzer? Click the Watch button to subscribe.

Kyzer
Vendor

subscribe