CVE-2017-6419: Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Libmspack

Severity: 7.8 HIGH (NVD)
EPSS: 2.5% (top 14.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 7; Latest update Oct 1

Description

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

Debian: libmspack_project/libmspack < 0.6-1+3
Ubuntu: libmspack_project/libmspack < 0.5-1ubuntu0.16.04.1
Debian: clamav/clamav < 0.99.3~beta1+dfsg-1+3

Patches

🔴 Vulnerability Details (6)

OSV: libmspack vulnerabilities (2025-10-01)
GHSA: GHSA-x569-chqv-xjj7: mspack/lzxd (2022-05-14)
OSV: libmspack vulnerabilities (2017-08-17)
OSV: clamav vulnerabilities (2017-08-17)
CVEList: CVE-2017-6419: mspack/lzxd (2017-08-07)

📋 Vendor Advisories (6)

Ubuntu: libmspack vulnerabilities (2025-10-01)
Ubuntu: libmspack vulnerabilities (2017-08-17)
Ubuntu: ClamAV vulnerabilities (2017-08-17)
Ubuntu: ClamAV vulnerabilities (2017-08-17)
Red Hat: clamav: heap-based buffer overflow in mspack/lzxd.c (2017-03-29)

💬 Community (5)

Bugzilla: CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 clamav: various flaws [epel-all] (2017-08-22)
Bugzilla: CVE-2017-11423 CVE-2017-6419 libmspack: various flaws [epel-all] (2017-08-22)
Bugzilla: CVE-2017-6419 libmspack, clamav: heap-based buffer overflow in mspack/lzxd.c (2017-08-22)
Bugzilla: CVE-2017-11423 CVE-2017-6419 libmspack: various flaws [fedora-all] (2017-08-22)
Bugzilla: CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 clamav: various flaws [fedora-all] (2017-08-22)
CVE-2017-6419 — Project Libmspack vulnerability | cvebase