CVE-2018-14681Out-of-bounds Write in Libmspack

CWE-787Out-of-bounds Write17 documents8 sources
Severity
8.8HIGHNVD
OSV6.5
EPSS
4.4%
top 10.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Libmspack Project LibmspackCabextract Project CabextractCabextract Libmspack+6 more
Timeline
PublishedJul 28
Latest updateOct 1

Description

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

Debianlibmspack_project/libmspack< 0.7-1+3
Ubuntulibmspack_project/libmspack< 0.5-1ubuntu0.16.04.2+1
NVDcabextract/libmspack5 versions+4

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04

Patches

Patch: bugs.debian.orgPatch: github.comPatch: bugs.debian.org

🔴Vulnerability Details

5
GHSA
GHSA-px34-hh2g-j67r: An issue was discovered in kwajd_read_headers in mspack/kwajd2022-05-13
OSV
libmspack vulnerabilities2018-08-01
OSV
clamav vulnerabilities2018-08-01
OSV
CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd2018-07-28
CVEList
CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd2018-07-28

📋Vendor Advisories

7
Ubuntu
libmspack vulnerabilities2025-10-01
Ubuntu
ClamAV vulnerabilities2018-10-16
Ubuntu
ClamAV vulnerabilities2018-08-02
Ubuntu
ClamAV vulnerabilities2018-08-01
Ubuntu
libmspack vulnerabilities2018-08-01

💬Community

4
Bugzilla
CVE-2018-14681 libmspack: Out-of-bounds Write in kwajd_read_headers in mspack/kwajd.c [fedora-all]2018-08-01
Bugzilla
CVE-2018-14681 libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c2018-08-01
Bugzilla
CVE-2018-14681 libmspack: Out-of-bounds Write in kwajd_read_headers in mspack/kwajd.c [epel-all]2018-08-01
Bugzilla
CVE-2018-11356 wireshark: DNS dissector crash in packet-dns.c2018-05-23
CVE-2018-14681 — Out-of-bounds Write in Libmspack | cvebase