logo

Database

Lack of data validation In libmspack

Description

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 12

10

Aliases

1. CVE-2018-146792. NVD-2018-146793. OSV-ALPINE-2018-146794. OSV-2018-146795. OSV-DEBIAN-2018-146796. SECURITY-CVE-2018-146797. SECURITY-TRACKER-CVE-2018-14679

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.