Debian Security Advisory

DLA-1460-1 libmspack -- LTS security update

Date Reported:
06 Aug 2018
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2018-14681, CVE-2018-14682, CVE-2018-14679, CVE-2018-14680.
More information:

It was discovered that there were several vulnerabilities in libsmpack, a library used to handle Microsoft compression formats.

A remote attacker could craft malicious .CAB, .CHM or .KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code.

For Debian 8 Jessie, this issue has been fixed in libmspack version 0.5-1+deb8u2.

We recommend that you upgrade your libmspack packages.