CVE-2015-4468 — Project Libmspack vulnerability

CWE-1898 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 40.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libmspack Project Libmspack

Timeline

PublishedJun 11

Latest updateOct 1

Description

Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Debianlibmspack_project/libmspack< 0.4-3+3

▶Ubuntulibmspack_project/libmspack< 0.4-1ubuntu0.1~esm2

▶NVDlibmspack_project/libmspack0.4-3

🔴Vulnerability Details

OSV

libmspack vulnerabilities↗2025-10-01

▶

GHSA

GHSA-f6cg-9mvp-r5gc: Multiple integer overflows in the search_chunk function in chmd↗2022-05-17

▶

CVEList

CVE-2015-4468: Multiple integer overflows in the search_chunk function in chmd↗2015-06-11

▶

OSV

CVE-2015-4468: Multiple integer overflows in the search_chunk function in chmd↗2015-06-11

▶

📋Vendor Advisories

Ubuntu

libmspack vulnerabilities↗2025-10-01

▶

Debian

CVE-2015-4468: libmspack - Multiple integer overflows in the search_chunk function in chmd.c in libmspack b...↗2015

▶

💬Community

Bugzilla

CVE-2015-4468 CVE-2015-4468 libmspack: pointer arithmetic overflow during CHM decompression↗2015-01-08

▶