Vulnerability CVE-2017-6419: Information

Description

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-6419
Published: Aug. 7, 2017
Modified: Oct. 21, 2018
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
clamavsisyphus0.99.4-alt10.103.8-alt1ALT-PU-2018-1363-1201316Fixed
clamavp100.99.4-alt10.103.8-alt1ALT-PU-2018-1363-1201316Fixed
clamavp90.99.4-alt10.103.8-alt1ALT-PU-2018-1363-1201316Fixed
clamavp80.99.4-alt0.M80P.10.103.8-alt1ALT-PU-2018-1365-1201318Fixed
clamavc10f10.99.4-alt10.103.8-alt1ALT-PU-2018-1363-1201316Fixed
clamavc9f20.99.4-alt10.103.8-alt1ALT-PU-2018-1363-1201316Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md
  • Third Party Advisory
https://bugzilla.clamav.net/show_bug.cgi?id=11701
  • Issue Tracking
DSA-3946
    [debian-lts-announce] 20180212 [SECURITY] [DLA 1279-1] clamav security update
      GLSA-201804-16

          1. Configuration 1

            cpe:2.3:a:libmspack_project:libmspack:0.5:alpha:*:*:*:*:*:*
            Running on/with:
            cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.4.2
        Back to top