| Errata ID | 348 |
|---|---|
| Date | 2018-05-08 |
| Source package | libmspack |
| Fixed in version | 0.5-1.A~4.2.3.201801211553 |
| Description | This update addresses the following issues: * mspack/lzxd.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. (CVE-2017-6419) * The cabd_read_string function allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. (CVE-2017-11423) |
| Additional notes | |
| CVE ID | CVE-2017-6419 CVE-2017-11423 |
| UCS Bug number | #46138 |
