CVE-2015-4469
libmspack < 0.4-3 - Denial of Service via CHM File Name Length Mismatch
Title source: llmDescription
The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2015/02/03/11
Various Sources x_refsource_confirm
http://anonscm.debian.org/cgit/collab-maint/libmspack.git/diff/debian/patches/fix-name-field-boundaries.patch?id=a25bb144795e526748b57884daf365732c7e2295
Exploit x_refsource_confirm
https://bugs.debian.org/774726
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72486
Scores
EPSS
0.0146
EPSS Percentile
70.4%
Details
CWE
CWE-119
Status
published
Products (1)
libmspack_project/libmspack
< 0.4-3
Published
Jun 11, 2015
Tracked Since
Feb 18, 2026