SB20200324128 - Out-of-bounds read in libmspack (Alpine package)
Published: March 24, 2020
Security Bulletin ID
SB20200324128
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2019-1010305)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing a specially crafted chm file in libmspack 0.9.1alpha. A remote attacker can create a specially crafted chm file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=7b7625a81b8571398c20ac7e40ff345e3dfe118c
- https://git.alpinelinux.org/aports/commit/?id=a80261c4dde42201d0c53b6f7297c02b2b441827
- https://git.alpinelinux.org/aports/commit/?id=f370aec8dce498f800720394c0be31954ac54505
- https://git.alpinelinux.org/aports/commit/?id=d1f9356cc16b987133023ad09713a9df00127e16
- https://git.alpinelinux.org/aports/commit/?id=47362d38b04fa0174cb5db3d5ad497bb08657843