First published: Sat Jul 28 2018(Updated: )
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cabextract Libmspack | =0.0.20060920-alpha | |
Cabextract Libmspack | =0.3-alpha | |
Cabextract Libmspack | =0.4-alpha | |
Cabextract Libmspack | =0.5-alpha | |
Cabextract Libmspack | =0.6-alpha | |
Cabextract Project Cabextract | <=1.5 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Redhat Ansible Tower | =3.3 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
redhat/libmspack | <0.7 | 0.7 |
ubuntu/libmspack | <0.6-3ubuntu0.1 | 0.6-3ubuntu0.1 |
ubuntu/libmspack | <0.7 | 0.7 |
ubuntu/libmspack | <0.5-1ubuntu0.16.04.2 | 0.5-1ubuntu0.16.04.2 |
ubuntu/clamav | <0.100.1+dfsg-1ubuntu0.14.04.3 | 0.100.1+dfsg-1ubuntu0.14.04.3 |
debian/libmspack | 0.10.1-1 0.10.1-2 0.11-1 0.11-1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-14681 is a vulnerability in libmspack before version 0.7alpha that can be exploited through bad KWAJ file header extensions, resulting in a one or two byte overwrite.
The severity of CVE-2018-14681 is high, with a severity value of 8.8.
CVE-2018-14681 affects libmspack versions before 0.7alpha.
To fix CVE-2018-14681, upgrade to libmspack version 0.7alpha or later.
More information about CVE-2018-14681 can be found at the following references: [1](http://www.openwall.com/lists/oss-security/2018/07/26/1), [2](http://www.securitytracker.com/id/1041410), [3](https://access.redhat.com/errata/RHSA-2018:3327)