AVG-603

Package libmspack
Status Fixed
Severity Critical
Type multiple issues
Affected 0.5alpha-1
Fixed 1:0.6alpha-1
Current 1:0.6alpha-1 [extra]
Ticket None
Created Wed Jan 31 10:33:50 2018
Issue Severity Remote Type Description
CVE-2017-6419 Critical Yes Arbitrary code execution
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV before 0.99.4, allows remote attackers to cause a denial of service (heap-based buffer overflow and...
CVE-2017-11423 Medium Yes Denial of service
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV before 0.99.4  and other products, allows remote attackers to cause...
Date Advisory Package Description
20 Feb 2018 ASA-201802-9 libmspack multiple issues