CVE-2018-14682 — Off-by-one Error in Libmspack

CWE-193 — Off-by-one Error17 documents8 sources

Severity

8.8HIGHNVD

EPSS

4.4%

top 10.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libmspack Project Libmspack Cabextract Project Cabextract Cabextract Libmspack +6 more

Timeline

PublishedJul 28

Latest updateOct 1

Description

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶Debianlibmspack_project/libmspack< 0.7-1+3

▶NVDcabextract/libmspack5 versions+4

▶NVDcabextract_project/cabextract1.5

▶NVDredhat/ansible_tower3.3

▶NVDredhat/enterprise_linux_server7.0

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04

Patches

Patch: bugs.debian.org ↗Patch: github.com ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-cx83-c67h-h9gr: An issue was discovered in mspack/chmd↗2022-05-13

▶

OSV

libmspack vulnerabilities↗2018-08-01

▶

OSV

clamav vulnerabilities↗2018-08-01

▶

CVEList

CVE-2018-14682: An issue was discovered in mspack/chmd↗2018-07-28

▶

OSV

CVE-2018-14682: An issue was discovered in mspack/chmd↗2018-07-28

▶

📋Vendor Advisories

Ubuntu

libmspack vulnerabilities↗2025-10-01

▶

Ubuntu

ClamAV vulnerabilities↗2018-10-16

▶

Ubuntu

ClamAV vulnerabilities↗2018-08-02

▶

Ubuntu

ClamAV vulnerabilities↗2018-08-01

▶

Ubuntu

libmspack vulnerabilities↗2018-08-01

▶

💬Community

Bugzilla

CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro for CHM decompression [fedora-all]↗2018-08-01

▶

Bugzilla

CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro for CHM decompression [epel-all]↗2018-08-01

▶

Bugzilla

CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro for CHM decompression↗2018-08-01

▶

Bugzilla

CVE-2018-14343 wireshark: ASN.1 BER and related dissectors crash (wnpa-sec-2018-37)↗2018-07-23

▶