Vulnerability CVE-2017-6419: Information
Description
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
clamav | sisyphus | 0.99.4-alt1 | 0.103.8-alt1 | ALT-PU-2018-1363-1 | 201316 | Fixed |
clamav | p10 | 0.99.4-alt1 | 0.103.8-alt1 | ALT-PU-2018-1363-1 | 201316 | Fixed |
clamav | p9 | 0.99.4-alt1 | 0.103.8-alt1 | ALT-PU-2018-1363-1 | 201316 | Fixed |
clamav | p8 | 0.99.4-alt0.M80P.1 | 0.103.8-alt1 | ALT-PU-2018-1365-1 | 201318 | Fixed |
clamav | c10f1 | 0.99.4-alt1 | 0.103.8-alt1 | ALT-PU-2018-1363-1 | 201316 | Fixed |
clamav | c9f2 | 0.99.4-alt1 | 0.103.8-alt1 | ALT-PU-2018-1363-1 | 201316 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1 | |
https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md | |
https://bugzilla.clamav.net/show_bug.cgi?id=11701 | |
DSA-3946 | |
[debian-lts-announce] 20180212 [SECURITY] [DLA 1279-1] clamav security update | |
GLSA-201804-16 | |