CVE-2017-6419 log
Source |
|
Severity | Critical |
Remote | Yes |
Type | Arbitrary code execution |
Description | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV before 0.99.4, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code via a crafted CHM file. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-603 | libmspack | 0.5alpha-1 | 1:0.6alpha-1 | Critical | Fixed | |
AVG-602 | clamav | 0.99.3-1 | 0.99.4-1 | Critical | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
18 Mar 2018 | ASA-201803-14 | AVG-602 | clamav | Critical | multiple issues |
20 Feb 2018 | ASA-201802-9 | AVG-603 | libmspack | Critical | multiple issues |
Notes |
---|
ClamAV uses the libmspack system library when available. |