Debian Long Term Support / LTS Security Information / 2018 / Security Information -- DLA-1460-1 libmspack

Debian Security Advisory

DLA-1460-1 libmspack -- LTS security update

Date Reported:

06 Aug 2018

Affected Packages:

libmspack

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2018-14681, CVE-2018-14682, CVE-2018-14679, CVE-2018-14680.

More information:

It was discovered that there were several vulnerabilities in libsmpack, a library used to handle Microsoft compression formats.

A remote attacker could craft malicious .CAB, .CHM or .KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code.

For Debian 8 Jessie, this issue has been fixed in libmspack version 0.5-1+deb8u2.

We recommend that you upgrade your libmspack packages.