Vulnerability CVE-2018-14681: Information
Description
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
cabextract | sisyphus | 1.6-alt1 | 1.11-alt1 | ALT-PU-2016-1082-1 | 158192 | Fixed |
cabextract | p10 | 1.6-alt1 | 1.7-alt1 | ALT-PU-2016-1082-1 | 158192 | Fixed |
cabextract | p9 | 1.6-alt1 | 1.7-alt1 | ALT-PU-2016-1082-1 | 158192 | Fixed |
cabextract | c10f1 | 1.6-alt1 | 1.7-alt1 | ALT-PU-2016-1082-1 | 158192 | Fixed |
cabextract | c9f2 | 1.6-alt1 | 1.7-alt1 | ALT-PU-2016-1082-1 | 158192 | Fixed |
clamav | sisyphus | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
clamav | p10 | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
clamav | p9 | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
clamav | p8 | 0.100.2-alt0.M80P.1 | 0.103.8-alt1 | ALT-PU-2018-2506-1 | 215132 | Fixed |
clamav | c10f1 | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
clamav | c9f2 | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8 |
|
https://bugs.debian.org/904799 |
|
http://www.openwall.com/lists/oss-security/2018/07/26/1 |
|
USN-3728-1 |
|
DSA-4260 |
|
USN-3728-3 |
|
1041410 |
|
[debian-lts-announce] 20180806 [SECURITY] [DLA-1460-1] libmspack security update |
|
USN-3728-2 |
|
USN-3789-2 |
|
RHSA-2018:3327 |
|
RHSA-2018:3505 |
|
GLSA-201903-20 |
|