CVE-2017-11423: Out-of-bounds Read in Project Libmspack

CWE-125: Out-of-bounds Read | 14 documents | 8 sources

Severity
NVD: 5.5 MEDIUM
OSV: 4.3
EPSS: 3.0% (top 13.30%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jul 18
Latest update: Oct 1

Description

The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

Debian: libmspack_project/libmspack < 0.6-1+3
Ubuntu: libmspack_project/libmspack < 0.4-1ubuntu0.1~esm2
Debian: clamav/clamav < 0.99.3~beta1+dfsg-1+3

🔴 Vulnerability Details (4)

OSV: libmspack vulnerabilities (2025-10-01)
GHSA: GHSA-fgx7-5j8x-cj53: The cabd_read_string function in mspack/cabd (2022-05-13)
CVEList: CVE-2017-11423: The cabd_read_string function in mspack/cabd (2017-07-18)
OSV: CVE-2017-11423: The cabd_read_string function in mspack/cabd (2017-07-18)

📋 Vendor Advisories (4)

Ubuntu: libmspack vulnerabilities (2025-10-01)
Ubuntu: libmspack vulnerabilities (2017-08-17)
Red Hat: clamav: Stack-based buffer over-read in cabd_read_string function (2017-07-18)
Debian: CVE-2017-11423: clamav - The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in... (2017)

💬 Community (5)

Bugzilla: CVE-2017-11423 CVE-2017-6419 libmspack: various flaws [epel-all] (2017-08-22)
Bugzilla: CVE-2017-11423 CVE-2017-6419 libmspack: various flaws [fedora-all] (2017-08-22)
Bugzilla: CVE-2017-11423 clamav: Stack-based buffer over-read in cabd_read_string function [fedora-all] (2017-07-19)
Bugzilla: CVE-2017-11423 libmspack, clamav: Stack-based buffer over-read in cabd_read_string function (2017-07-19)
Bugzilla: CVE-2017-11423 clamav: Stack-based buffer over-read in cabd_read_string function [epel-all] (2017-07-19)