Search for packages
| purl | pkg:deb/debian/libmspack@0.10.1-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4pxy-6rjv-aaae | In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. |
CVE-2018-18584
|
| VCID-8pm8-hj6d-aaaq | The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. |
CVE-2017-11423
|
| VCID-acxu-8qcw-aaan | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). |
CVE-2018-14679
|
| VCID-j3u4-a9cj-aaap | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. |
CVE-2018-14680
|
| VCID-mn2e-rngd-aaae | libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. |
CVE-2019-1010305
|
| VCID-pd2b-aqnw-aaam | chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application |
CVE-2018-18586
|
| VCID-q3fd-q3r3-aaas | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. |
CVE-2017-6419
|
| VCID-rrcd-7j67-aaaf | An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. |
CVE-2018-14681
|
| VCID-ruev-xj9h-aaab | chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). |
CVE-2018-18585
|
| VCID-yng9-6r39-aaap | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. |
CVE-2018-14682
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-22T06:02:48.997831+00:00 | Debian Importer | Fixing | VCID-pd2b-aqnw-aaam | None | 36.1.3 |
| 2025-06-21T18:58:41.781161+00:00 | Debian Oval Importer | Fixing | VCID-q3fd-q3r3-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T15:51:09.442594+00:00 | Debian Oval Importer | Fixing | VCID-j3u4-a9cj-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:40:38.034857+00:00 | Debian Oval Importer | Fixing | VCID-mn2e-rngd-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:59:29.333372+00:00 | Debian Oval Importer | Fixing | VCID-q3fd-q3r3-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:55:20.632133+00:00 | Debian Oval Importer | Fixing | VCID-yng9-6r39-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:37:10.655066+00:00 | Debian Oval Importer | Fixing | VCID-acxu-8qcw-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:01:20.499358+00:00 | Debian Oval Importer | Fixing | VCID-rrcd-7j67-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:00:47.048565+00:00 | Debian Oval Importer | Fixing | VCID-4pxy-6rjv-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:24:45.825488+00:00 | Debian Oval Importer | Fixing | VCID-8pm8-hj6d-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:08:05.237896+00:00 | Debian Oval Importer | Fixing | VCID-ruev-xj9h-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:51:14.705995+00:00 | Debian Oval Importer | Fixing | VCID-pd2b-aqnw-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T01:25:13.831246+00:00 | Debian Oval Importer | Fixing | VCID-8pm8-hj6d-aaaq | None | 36.1.3 |
| 2025-06-21T01:02:25.438868+00:00 | Debian Oval Importer | Fixing | VCID-4pxy-6rjv-aaae | None | 36.1.3 |
| 2025-06-21T00:40:13.141991+00:00 | Debian Oval Importer | Fixing | VCID-acxu-8qcw-aaan | None | 36.1.3 |
| 2025-06-21T00:31:57.588535+00:00 | Debian Oval Importer | Fixing | VCID-q3fd-q3r3-aaas | None | 36.1.3 |
| 2025-06-21T00:26:59.874521+00:00 | Debian Oval Importer | Fixing | VCID-pd2b-aqnw-aaam | None | 36.1.3 |
| 2025-06-20T23:32:49.644079+00:00 | Debian Oval Importer | Fixing | VCID-j3u4-a9cj-aaap | None | 36.1.3 |
| 2025-06-20T23:10:51.308006+00:00 | Debian Oval Importer | Fixing | VCID-yng9-6r39-aaap | None | 36.1.3 |
| 2025-06-20T23:06:09.303207+00:00 | Debian Oval Importer | Fixing | VCID-rrcd-7j67-aaaf | None | 36.1.3 |
| 2025-06-20T21:23:53.513466+00:00 | Debian Oval Importer | Fixing | VCID-mn2e-rngd-aaae | None | 36.1.3 |
| 2025-06-20T20:41:16.558126+00:00 | Debian Oval Importer | Fixing | VCID-ruev-xj9h-aaab | None | 36.1.3 |
| 2025-06-08T13:17:19.522038+00:00 | Debian Oval Importer | Fixing | VCID-ruev-xj9h-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:50:58.974032+00:00 | Debian Oval Importer | Fixing | VCID-yng9-6r39-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T11:28:04.204242+00:00 | Debian Oval Importer | Fixing | VCID-q3fd-q3r3-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T08:44:31.029833+00:00 | Debian Oval Importer | Fixing | VCID-j3u4-a9cj-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:34:46.044145+00:00 | Debian Oval Importer | Fixing | VCID-mn2e-rngd-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:52:49.804822+00:00 | Debian Oval Importer | Fixing | VCID-q3fd-q3r3-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:48:49.077417+00:00 | Debian Oval Importer | Fixing | VCID-yng9-6r39-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:30:17.536997+00:00 | Debian Oval Importer | Fixing | VCID-acxu-8qcw-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:55:25.153922+00:00 | Debian Oval Importer | Fixing | VCID-rrcd-7j67-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:54:53.718766+00:00 | Debian Oval Importer | Fixing | VCID-4pxy-6rjv-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:18:54.227482+00:00 | Debian Oval Importer | Fixing | VCID-8pm8-hj6d-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:02:56.811559+00:00 | Debian Oval Importer | Fixing | VCID-ruev-xj9h-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:04:45.685833+00:00 | Debian Oval Importer | Fixing | VCID-pd2b-aqnw-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T18:48:03.044119+00:00 | Debian Oval Importer | Fixing | VCID-8pm8-hj6d-aaaq | None | 36.1.0 |
| 2025-06-07T18:24:55.586457+00:00 | Debian Oval Importer | Fixing | VCID-4pxy-6rjv-aaae | None | 36.1.0 |
| 2025-06-07T18:02:47.867165+00:00 | Debian Oval Importer | Fixing | VCID-acxu-8qcw-aaan | None | 36.1.0 |
| 2025-06-07T17:54:36.482631+00:00 | Debian Oval Importer | Fixing | VCID-q3fd-q3r3-aaas | None | 36.1.0 |
| 2025-06-07T17:49:43.471894+00:00 | Debian Oval Importer | Fixing | VCID-pd2b-aqnw-aaam | None | 36.1.0 |
| 2025-06-07T16:55:45.208144+00:00 | Debian Oval Importer | Fixing | VCID-j3u4-a9cj-aaap | None | 36.1.0 |
| 2025-06-07T16:33:58.124128+00:00 | Debian Oval Importer | Fixing | VCID-yng9-6r39-aaap | None | 36.1.0 |
| 2025-06-07T16:29:20.474877+00:00 | Debian Oval Importer | Fixing | VCID-rrcd-7j67-aaaf | None | 36.1.0 |
| 2025-06-07T14:47:09.705822+00:00 | Debian Oval Importer | Fixing | VCID-mn2e-rngd-aaae | None | 36.1.0 |
| 2025-06-07T14:13:16.930982+00:00 | Debian Oval Importer | Fixing | VCID-ruev-xj9h-aaab | None | 36.1.0 |
| 2025-04-12T20:50:37.333499+00:00 | Debian Oval Importer | Fixing | VCID-rrcd-7j67-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:42:32.942836+00:00 | Debian Oval Importer | Fixing | VCID-acxu-8qcw-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:25:11.879047+00:00 | Debian Oval Importer | Fixing | VCID-mn2e-rngd-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:43:02.246949+00:00 | Debian Oval Importer | Fixing | VCID-pd2b-aqnw-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:40:45.302119+00:00 | Debian Oval Importer | Fixing | VCID-j3u4-a9cj-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:31:56.087440+00:00 | Debian Oval Importer | Fixing | VCID-4pxy-6rjv-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:09:03.894633+00:00 | Debian Oval Importer | Fixing | VCID-8pm8-hj6d-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:05:19.239447+00:00 | Debian Oval Importer | Fixing | VCID-ruev-xj9h-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:38:01.126999+00:00 | Debian Oval Importer | Fixing | VCID-yng9-6r39-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:12:16.331828+00:00 | Debian Oval Importer | Fixing | VCID-q3fd-q3r3-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T07:16:02.987800+00:00 | Debian Oval Importer | Fixing | VCID-j3u4-a9cj-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:06:11.101589+00:00 | Debian Oval Importer | Fixing | VCID-mn2e-rngd-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:25:16.252227+00:00 | Debian Oval Importer | Fixing | VCID-q3fd-q3r3-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:21:15.311678+00:00 | Debian Oval Importer | Fixing | VCID-yng9-6r39-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:03:05.806097+00:00 | Debian Oval Importer | Fixing | VCID-acxu-8qcw-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:27:55.455778+00:00 | Debian Oval Importer | Fixing | VCID-rrcd-7j67-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:27:23.548913+00:00 | Debian Oval Importer | Fixing | VCID-4pxy-6rjv-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:51:11.945712+00:00 | Debian Oval Importer | Fixing | VCID-8pm8-hj6d-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:34:55.028665+00:00 | Debian Oval Importer | Fixing | VCID-ruev-xj9h-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:35:39.639373+00:00 | Debian Oval Importer | Fixing | VCID-pd2b-aqnw-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T17:25:52.514846+00:00 | Debian Oval Importer | Fixing | VCID-8pm8-hj6d-aaaq | None | 36.0.0 |
| 2025-04-07T17:02:32.279166+00:00 | Debian Oval Importer | Fixing | VCID-4pxy-6rjv-aaae | None | 36.0.0 |
| 2025-04-07T16:39:49.404120+00:00 | Debian Oval Importer | Fixing | VCID-acxu-8qcw-aaan | None | 36.0.0 |
| 2025-04-07T16:31:23.322572+00:00 | Debian Oval Importer | Fixing | VCID-q3fd-q3r3-aaas | None | 36.0.0 |
| 2025-04-07T16:26:17.713689+00:00 | Debian Oval Importer | Fixing | VCID-pd2b-aqnw-aaam | None | 36.0.0 |
| 2025-04-07T15:28:46.415727+00:00 | Debian Oval Importer | Fixing | VCID-j3u4-a9cj-aaap | None | 36.0.0 |
| 2025-04-07T15:06:05.167576+00:00 | Debian Oval Importer | Fixing | VCID-yng9-6r39-aaap | None | 36.0.0 |
| 2025-04-07T15:01:15.719517+00:00 | Debian Oval Importer | Fixing | VCID-rrcd-7j67-aaaf | None | 36.0.0 |
| 2025-04-07T13:19:07.808434+00:00 | Debian Oval Importer | Fixing | VCID-mn2e-rngd-aaae | None | 36.0.0 |
| 2025-04-07T12:46:24.307945+00:00 | Debian Oval Importer | Fixing | VCID-ruev-xj9h-aaab | None | 36.0.0 |
| 2025-04-05T23:50:37.855013+00:00 | Debian Importer | Fixing | VCID-pd2b-aqnw-aaam | None | 36.0.0 |
| 2025-02-19T02:31:40.011064+00:00 | Debian Importer | Fixing | VCID-pd2b-aqnw-aaam | None | 35.1.0 |
| 2024-04-24T12:52:39.477668+00:00 | Debian Importer | Fixing | VCID-pd2b-aqnw-aaam | None | 34.0.0rc4 |
| 2024-01-10T14:58:38.559180+00:00 | Debian Importer | Fixing | VCID-pd2b-aqnw-aaam | None | 34.0.0rc2 |
| 2024-01-04T05:35:34.606650+00:00 | Debian Importer | Fixing | VCID-pd2b-aqnw-aaam | None | 34.0.0rc1 |