Vulnerability Details : CVE-2019-1010305
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.
Vulnerability category: OverflowInformation leak
Products affected by CVE-2019-1010305
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:a:kyzer:libmspack:0.9.1:alpha:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1010305
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-1010305
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2019-1010305
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-1010305
-
https://github.com/kyz/libmspack/issues/27
Heap buffer overflow in chmd_read_headers() · Issue #27 · kyz/libmspack · GitHubExploit;Issue Tracking;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/08/msg00028.html
[SECURITY] [DLA 1895-1] libmspack security updateMailing List;Third Party Advisory
-
https://usn.ubuntu.com/4066-1/
USN-4066-1: libmspack vulnerability | Ubuntu security noticesThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2QJTUAGP22YY7453MHGTFN4YQE5HJBR/
[SECURITY] Fedora 30 Update: libmspack-0.10.1-0.1.alpha.fc30 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://usn.ubuntu.com/4066-2/
USN-4066-2: ClamAV vulnerability | Ubuntu security noticesThird Party Advisory
-
https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
length checks when looking for control files · kyz/libmspack@2f08413 · GitHubPatch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXWNEY4CJBLPRKV6LG7FQUPD6WVZYBTB/
[SECURITY] Fedora 29 Update: libmspack-0.10.1-0.1.alpha.fc29 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2021/10/msg00033.html
[SECURITY] [DLA 2805-1] libmspack security updateMailing List;Third Party Advisory
Jump to