Published: 07/08/2017 Updated: 21/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote malicious users to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libmspack_project libmspack 0.5

Debian Bug report logs - #868956 libmspack: CVE-2017-11423 Package: src:libmspack; Maintainer for src:libmspack is Marc Dequènes (Duck) <Duck@DuckCorporg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 19 Jul 2017 20:18:03 UTC Severity: grave Tags: security, upstream Found in version libmspack/0 ...

Debian Bug report logs - #871263 libmspack: CVE-2017-6419 Package: src:libmspack; Maintainer for src:libmspack is Marc Dequènes (Duck) <Duck@DuckCorporg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 7 Aug 2017 13:24:01 UTC Severity: grave Tags: security, upstream Found in version libmspack/0 ...

Several security issues were fixed in ClamAV ...

Several security issues were fixed in libmspack ...

Several security issues were fixed in ClamAV ...

Heap-based buffer overflow in mspack/lzxdc:mspack/lzxdc in libmspack 05alpha, as used in ClamAV 0992, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file(CVE-2017-6419) The wwunpack function in libclamav/wwunpackc in ClamAV 0 ...

Heap-based buffer overflow in mspack/lzxdcmspack/lzxdc in libmspack 05alpha, as used in ClamAV 0992, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file (CVE-2017-6419) Out-of-bounds access in the PDF parser (CVE-2018-0202) A V ...

mspack/lzxdc in libmspack 05alpha, as used in ClamAV 0992, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file ...

mspack/lzxdc in libmspack 05alpha, as used in ClamAV before 0994, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code via a crafted CHM file ...

CWE-119 https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1 https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md https://bugzilla.clamav.net/show_bug.cgi?id=11701 http://www.debian.org/security/2017/dsa-3946 https://lists.debian.org/debian-lts-announce/2018/02/msg00014.html https://security.gentoo.org/glsa/201804-16 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868956 https://usn.ubuntu.com/3393-2/

CVE-2017-6419

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect