CVE-2017-11423

Published: 18/07/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote malicious users to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.

Vulnerable Product

libmspack_project libmspack 0.5

Vendor Advisories

Several security issues were fixed in libmspack ...
Debian Bug report logs - #868956 libmspack: CVE-2017-11423 Package: src:libmspack; Maintainer for src:libmspack is Marc Dequènes (Duck) <Duck@DuckCorp.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 19 Jul 2017 20:18:03 UTC; Severity: grave; Tags: security, upstream; Found in version libmspack/0 ...
Debian Bug report logs - #871263 libmspack: CVE-2017-6419 Package: src:libmspack; Maintainer for src:libmspack is Marc Dequènes (Duck) <Duck@DuckCorp.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 7 Aug 2017 13:24:01 UTC; Severity: grave; Tags: security, upstream; Found in version libmspack/0 ...
Heap-based buffer overflow in mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file (CVE-2017-6419). Out-of-bounds access in the PDF parser (CVE-2018-0202). A V ...
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file ...
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV before 0.99.4 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file ...