+ Stuart

On 2017-08-07 15:21:48 [+0200], Salvatore Bonaccorso wrote:
> Source: libmspack
> Version: 0.5-1
> Severity: grave
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for libmspack.
> 
> CVE-2017-6419[0]:
> | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows
> | remote attackers to cause a denial of service (heap-based buffer
> | overflow and application crash) or possibly have unspecified other
> | impact via a crafted CHM file.
> 
> It was fixed in ClamAV already at [1].
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2017-6419
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419
> [1] 
> https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1

Stuart, is this enough information or do you need more?

> Regards,
> Salvatore

Sebastian

Reply via email to