CVE-2014-9556 — Infinite Loop in Project Libmspack

CWE-1898 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.3%

top 20.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cabextract Project Cabextract Libmspack Project Libmspack

Timeline

PublishedFeb 3

Latest updateMay 14

Description

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianlibmspack_project/libmspack< 0.4-2+3

▶NVDlibmspack_project/libmspack0.4

▶Debiancabextract_project/cabextract< 1.4-5+3

🔴Vulnerability Details

GHSA

GHSA-9768-cv3h-4v3f: Integer overflow in the qtmd_decompress function in libmspack 0↗2022-05-14

▶

OSV

CVE-2014-9556: Integer overflow in the qtmd_decompress function in libmspack 0↗2015-02-03

▶

CVEList

CVE-2014-9556: Integer overflow in the qtmd_decompress function in libmspack 0↗2015-02-03

▶

📋Vendor Advisories

Debian

CVE-2014-9556: cabextract - Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote ...↗2014

▶

💬Community

Bugzilla

CVE-2014-9556 libmspack: buffer overflow causing denial of service in qtmd_decompress() [fedora-all]↗2015-01-07

▶

Bugzilla

CVE-2014-9556 libmspack: buffer overflow causing denial of service in qtmd_decompress() [epel-all]↗2015-01-07

▶

Bugzilla

CVE-2014-9556 libmspack: buffer overflow causing denial of service in qtmd_decompress()↗2015-01-05

▶