File _patchinfo of Package patchinfo.20476

<patchinfo incident="20476">
  <issue tracker="cve" id="2018-14682"/>
  <issue tracker="cve" id="2018-14681"/>
  <issue tracker="cve" id="2018-14679"/>
  <issue tracker="bnc" id="1103032">VUL-1: CVE-2018-14679: libmspack, clamav: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There isan off-by-one error in the CHM PMGI/PMGL chunk number validity checks, whichcould lead to denial of service (uninitialized da</issue>
  <packager>dspinella</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libmspack</summary>
  <description>This update for libmspack fixes the following issues:

- CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032)
- CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032)
- CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service. (bsc#1103032)
</description>
</patchinfo>
openSUSE Build Service is sponsored by