CVE-2018-14681

Name

CVE-2018-14681

Description

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Patch	https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
Issue Tracking	https://bugs.debian.org/904799
Mailing List	http://www.openwall.com/lists/oss-security/2018/07/26/1
Third Party Advisory	https://usn.ubuntu.com/3728-1/
Third Party Advisory	https://www.debian.org/security/2018/dsa-4260
Third Party Advisory	https://usn.ubuntu.com/3728-3/
Third Party Advisory	http://www.securitytracker.com/id/1041410
Mailing List	https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html
Third Party Advisory	https://usn.ubuntu.com/3728-2/
Third Party Advisory	https://usn.ubuntu.com/3789-2/
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3327
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3505
Third Party Advisory	https://security.gentoo.org/glsa/201903-20

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:cabextract:libmspack:0.6:alpha::::::`	libmspack	== None	== 0.6
`cpe:2.3:a:cabextract:libmspack:0.4:alpha::::::`	libmspack	== None	== 0.4
`cpe:2.3:a:cabextract:libmspack:0.0.20060920:alpha::::::`	libmspack	== None	== 0.0.20060920
`cpe:2.3:a:cabextract_project:cabextract::::::::`	cabextract	>= None	<= 1.5
`cpe:2.3:a:cabextract:libmspack:0.5:alpha::::::`	libmspack	== None	== 0.5
`cpe:2.3:a:cabextract:libmspack:0.3:alpha::::::`	libmspack	== None	== 0.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status