Published: 11/06/2015 Updated: 27/06/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The chmd_init_decomp function in chmd.c in libmspack prior to 0.5 does not properly validate the reset interval, which allows remote malicious users to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libmspack project libmspack

Debian Bug report logs - #774725 libmspack: CVE-2015-4467: CHM decompression: division by zero Package: libmspack0; Maintainer for libmspack0 is Marc Dequènes (Duck) <Duck@DuckCorporg>; Source for libmspack0 is src:libmspack (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@debianorg> Date: Tue, 6 Jan 2015 20: ...

CWE-189 http://anonscm.debian.org/cgit/collab-maint/libmspack.git/diff/debian/patches/fix-division-by-zero.patch?id=a25bb144795e526748b57884daf365732c7e2295 https://bugs.debian.org/774725 http://openwall.com/lists/oss-security/2015/02/03/11 http://www.securityfocus.com/bid/72488 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774725 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-4467

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect