CVE-2015-4472 — Integer Overflow or Wraparound in Project Libmspack

CWE-189 CWE-190 — Integer Overflow or Wraparound12 documents8 sources

Severity

6.8MEDIUMNVD

OSV4.3

EPSS

0.4%

top 41.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libmspack Project Libmspack

Timeline

PublishedJun 11

Latest updateOct 1

Description

Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶Debianlibmspack_project/libmspack< 0.5-1+3

▶Ubuntulibmspack_project/libmspack< 0.4-1ubuntu0.1~esm2

▶NVDlibmspack_project/libmspack0.4-3

🔴Vulnerability Details

OSV

libmspack vulnerabilities↗2025-10-01

▶

OSV

libxmltok vulnerabilities↗2025-01-13

▶

OSV

libxmltok vulnerabilities↗2022-07-19

▶

GHSA

GHSA-p84q-j7vr-6c2r: Off-by-one error in the READ_ENCINT macro in chmd↗2022-05-17

▶

CVEList

CVE-2015-4472: Off-by-one error in the READ_ENCINT macro in chmd↗2015-06-11

▶

📋Vendor Advisories

Ubuntu

libmspack vulnerabilities↗2025-10-01

▶

Red Hat

expat: Undefined behavior and pointer overflows↗2016-05-15

▶

Debian

CVE-2015-4472: libmspack - Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allo...↗2015

▶

💬Community

Bugzilla

CVE-2016-4472 expat: Undefined behavior and pointer overflows↗2016-06-09

▶

Bugzilla

CVE-2015-4467 CVE-2015-4472 libmspack: denial of service while processing crafted CHM file (floating point exception)↗2015-01-08

▶