File _patchinfo of Package patchinfo.20476
<patchinfo incident="20476">
<issue tracker="cve" id="2018-14682"/>
<issue tracker="cve" id="2018-14681"/>
<issue tracker="cve" id="2018-14679"/>
<issue tracker="bnc" id="1103032">VUL-1: CVE-2018-14679: libmspack, clamav: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There isan off-by-one error in the CHM PMGI/PMGL chunk number validity checks, whichcould lead to denial of service (uninitialized da</issue>
<packager>dspinella</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for libmspack</summary>
<description>This update for libmspack fixes the following issues:
- CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032)
- CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032)
- CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service. (bsc#1103032)
</description>
</patchinfo>