Fluid Attacks Database

Description

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libmspack	>=0 <0.10.1-1	0.10.1-1
alpine v3.10	libmspack	=0.5_alpha-r1 \|\| =0.7.1_alpha-r0 \|\| =0.8_alpha-r0 \|\| >=0 <0.8_alpha-r1	0.8_alpha-r1
alpine v3.11	libmspack	=0.5_alpha-r1 \|\| =0.7.1_alpha-r0 \|\| =0.8_alpha-r0 \|\| =0.8_alpha-r1 \|\| >=0 <0.10.1_alpha-r0	0.10.1_alpha-r0
alpine v3.8	libmspack	=0.5_alpha-r1 \|\| =0.7.1_alpha-r0 \|\| =0.8_alpha-r0 \|\| >=0 <0.8_alpha-r1	0.8_alpha-r1
alpine v3.9	libmspack	=0.5_alpha-r1 \|\| =0.7.1_alpha-r0 \|\| =0.8_alpha-r0 \|\| >=0 <0.8_alpha-r1	0.8_alpha-r1
debian 12	libmspack	>=0 <0.10.1-1	0.10.1-1
debian 11	libmspack	>=0 <0.10.1-1	0.10.1-1
debian 13	libmspack	>=0 <0.10.1-1	0.10.1-1
rpm rhel8	libmspack	<0:0.7-0.3.alpha.el8.4	0:0.7-0.3.alpha.el8.4
rpm rhel7	libmspack	<0:0.5-0.8.alpha.el7	0:0.5-0.8.alpha.el7

Aliases

1. CVE-2019-10103052. NVD-2019-10103053. OSV-DEBIAN-2019-10103054. OSV-2019-10103055. OSV-ALPINE-2019-10103056. SECURITY-TRACKER-CVE-2019-10103057. SECURITY-CVE-2019-1010305

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.