It was reported [1] that libmspack has three pointer arithmetic overflow issues, which can later cause buffer over-read. Two sample CHM files that trigger segfaults, which are caused by the overflows, can be found at [1]. Proposed patch to fix this issue is attached. As per the report, only 32-bit architecture is affected.

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774726
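The class of bug described in the report above, as an added illustration that is not libmspack code and not part of the proposed patch: a bounds check that adds an untrusted 32-bit length to a pointer before comparing it with the end of the buffer. Addresses are modelled as integers so the wrap-around is reproducible on any host; the buffer address, the lengths and the function names are constructed for this example, and the 64-bit case assumes the buffer does not sit within 4 GiB of the top of the address space.

```c
#include <stdint.h>
#include <stdio.h>

/* Largest address representable with the given pointer width. */
static uint64_t addr_mask(unsigned addr_bits) {
    return addr_bits >= 64 ? UINT64_MAX : ((UINT64_C(1) << addr_bits) - 1);
}

/* Fragile pattern: "pos + len <= end". The sum is truncated to the
 * pointer width, as it would be on real hardware, so a huge len can
 * wrap past zero and land back inside the buffer.
 * Returns 1 if the read is accepted. */
int unsafe_check(uint64_t pos, uint64_t end, uint32_t len, unsigned addr_bits) {
    uint64_t sum = (pos + len) & addr_mask(addr_bits);
    return sum <= end;
}

/* Robust pattern: compare len against the space that is left.
 * "end - pos" cannot wrap once pos <= end has been established. */
int safe_check(uint64_t pos, uint64_t end, uint32_t len) {
    return pos <= end && (uint64_t)len <= end - pos;
}

int main(void) {
    /* Constructed values: a 0x1000-byte buffer high in a 32-bit space. */
    uint64_t pos = 0xFFFF0010u, end = 0xFFFF1000u;
    uint32_t ok_len = 0x100u;        /* fits in the remaining 0xFF0 bytes */
    uint32_t bad_len = 0xFFFFFFF0u;  /* length field taken from the file  */

    printf("unsafe, 32-bit, bad len: %d\n", unsafe_check(pos, end, bad_len, 32));
    printf("unsafe, 64-bit, bad len: %d\n", unsafe_check(pos, end, bad_len, 64));
    printf("safe,           bad len: %d\n", safe_check(pos, end, bad_len));
    printf("safe,           ok  len: %d\n", safe_check(pos, end, ok_len));
    return 0;
}
```

With 32-bit pointers the oversized length is accepted by the fragile check, which is the condition that leads to an over-read; the subtraction form rejects it at any pointer width.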
Created libmspack tracking bugs for this issue:

Affects: fedora-all [bug 1180180]
Affects: epel-all [bug 1180181]
libmspack-0.5-0.1.alpha.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
libmspack-0.5-0.1.alpha.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
libmspack-0.5-0.1.alpha.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
libmspack-0.5-0.1.alpha.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
libmspack-0.5-0.1.alpha.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
CVE assigned: http://seclists.org/oss-sec/2015/q2/691
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.