Out-of-bounds read in libmspack

#VU19266 Out-of-bounds read in libmspack

Published: 2019-07-19

Vulnerability identifier: #VU19266

Vulnerability risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1010305

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libmspack
Universal components / Libraries / Libraries used by multiple products

Vendor: Stuart Caie

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing a specially crafted chm file in libmspack 0.9.1alpha. A remote attacker can create a specially crafted chm file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libmspack: 0.9.1alpha

External links
http://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
http://github.com/kyz/libmspack/issues/27
http://usn.ubuntu.com/4066-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 7 update for libmspack

OpenSUSE Linux update for libmspack

Red Hat Enterprise Linux 8 update for libmspack

Out-of-bounds read in libmspack (Alpine package)

Information disclosure in libmspack