CVE-2019-1010305Improper Restriction of Operations within the Bounds of a Memory Buffer in Libmspack

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow12 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 43.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Libmspack Project LibmspackLibmspackCanonical Ubuntu Linux+3 more
Timeline
PublishedJul 15
Latest updateOct 1

Description

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

Debianlibmspack_project/libmspack< 0.10.1-1+3
NVDkyzer/libmspack0.9.1
CVEListV5libmspack/libmspack0.9.1alpha [fixed: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d]

Also affects: Debian Linux 8.0, 9.0, Fedora 29, 30, Ubuntu Linux 12.04, 14.04, 16.04, 18.04

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-w7hv-jwj8-qh4r: libmspack 02022-05-24
CVEList
CVE-2019-1010305: libmspack 02019-07-15
OSV
CVE-2019-1010305: libmspack 02019-07-15

📋Vendor Advisories

5
Ubuntu
libmspack vulnerabilities2025-10-01
Ubuntu
ClamAV vulnerability2019-07-22
Ubuntu
libmspack vulnerability2019-07-18
Red Hat
libmspack: buffer overflow in function chmd_read_headers()2019-07-15
Debian
CVE-2019-1010305: libmspack - libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information...2019

💬Community

3
Bugzilla
CVE-2019-1010305 libmspack: buffer overflow in function chmd_read_headers() [epel-6]2019-07-17
Bugzilla
CVE-2019-1010305 libmspack: buffer overflow in function chmd_read_headers() [fedora-all]2019-07-17
Bugzilla
CVE-2019-1010305 libmspack: buffer overflow in function chmd_read_headers()2019-07-17
CVE-2019-1010305 — Libmspack vulnerability | cvebase