CVE-2015-4467 — Project Libmspack vulnerability

CWE-1898 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 40.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libmspack Project Libmspack

Timeline

PublishedJun 11

Latest updateOct 1

Description

The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Debianlibmspack_project/libmspack< 0.4-3+3

▶Ubuntulibmspack_project/libmspack< 0.4-1ubuntu0.1~esm2

▶NVDlibmspack_project/libmspack0.4-3

🔴Vulnerability Details

OSV

libmspack vulnerabilities↗2025-10-01

▶

GHSA

GHSA-m3p3-3q23-v7x3: The chmd_init_decomp function in chmd↗2022-05-17

▶

OSV

CVE-2015-4467: The chmd_init_decomp function in chmd↗2015-06-11

▶

CVEList

CVE-2015-4467: The chmd_init_decomp function in chmd↗2015-06-11

▶

📋Vendor Advisories

Ubuntu

libmspack vulnerabilities↗2025-10-01

▶

Debian

CVE-2015-4467: libmspack - The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properl...↗2015

▶

💬Community

Bugzilla

CVE-2015-4467 CVE-2015-4472 libmspack: denial of service while processing crafted CHM file (floating point exception)↗2015-01-08

▶