Stuart Caie

9 exploits Active since Jun 2015
CVE-2015-4471 WRITEUP WRITEUP
libmspack < 0.4-3 - Denial of Service via Crafted CAB Archive
Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.
CVE-2018-14679 WRITEUP MEDIUM WRITEUP
libmspack - Denial of Service via CHM PMGI/PMGL Chunk Number Validity Check
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
CVSS 6.5
CVE-2018-14680 WRITEUP MEDIUM WRITEUP
libmspack <0.7alpha - Info Disclosure
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVSS 6.5
CVE-2018-14681 WRITEUP HIGH WRITEUP
libmspack <0.7alpha - Buffer Overflow
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
CVSS 8.8
CVE-2018-14682 WRITEUP HIGH WRITEUP
libmspack <0.7alpha - Buffer Overflow
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
CVSS 8.8
CVE-2018-18584 WRITEUP MEDIUM WRITEUP
cabextract < 1.8 - Out-of-bounds Write in CAB Block Input Buffer
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
CVSS 6.5
CVE-2018-18585 WRITEUP MEDIUM WRITEUP
libmspack - NULL Pointer Dereference in chmd_read_headers
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
CVSS 4.3
CVE-2018-18586 WRITEUP MEDIUM WRITEUP
libmspack - Directory Traversal in chmextract Sample Program
chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application
CVSS 5.3
CVE-2019-1010305 WRITEUP MEDIUM WRITEUP
libmspack 0.9.1alpha - Buffer Overflow
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.
CVSS 5.5