CVE-2019-1010305: Buffer Overflow
First published: Mon Jul 15 2019(Updated: )
Last updated 24 July 2024
Credit: josh@bress.net josh@bress.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kyzer Libmspack | =0.9.1-alpha | |
| Fedoraproject Fedora | =29 | |
| Fedoraproject Fedora | =30 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| debian/libmspack | 0.10.1-2 0.11-1 0.11-1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
- https://github.com/kyz/libmspack/issues/27
- https://lists.debian.org/debian-lts-announce/2019/08/msg00028.html
- https://lists.debian.org/debian-lts-announce/2021/10/msg00033.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXWNEY4CJBLPRKV6LG7FQUPD6WVZYBTB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2QJTUAGP22YY7453MHGTFN4YQE5HJBR/
- https://usn.ubuntu.com/4066-1/
- https://usn.ubuntu.com/4066-2/
- https://launchpad.net/bugs/cve/CVE-2019-1010305
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXWNEY4CJBLPRKV6LG7FQUPD6WVZYBTB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2QJTUAGP22YY7453MHGTFN4YQE5HJBR/
- https://security-tracker.debian.org/tracker/CVE-2019-1010305
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010305
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010305
- https://ubuntu.com/security/CVE-2019-1010305
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2019-1010305.
What is the impact of this vulnerability?
The impact of this vulnerability is information disclosure.
What is the affected component of this vulnerability?
The affected component of this vulnerability is the function chmd_read_headers() in libmspack.
What is the fixed version of libmspack?
The fixed version of libmspack is after commit 2f084136...
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at the following references: [Link 1](https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d), [Link 2](https://github.com/kyz/libmspack/issues/27), [Link 3](https://lists.debian.org/debian-lts-announce/2019/08/msg00028.html)
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/kyzer
- canonical/kyzer libmspack
- version/kyzer libmspack/0.9.1-alpha
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/29
- version/fedoraproject fedora/30
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- package-manager/debian