libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack (file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. Reference: https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d https://github.com/kyz/libmspack/issues/27
Created libmspack tracking bugs for this issue: Affects: epel-6 [bug 1730569]
Created libmspack tracking bugs for this issue: Affects: fedora-all [bug 1730570]
When opening Windows compressed archives, libmspack starts reading the archive header to retrieve files and compression information. During this stage, at chmd_read_headers(), if a CHM file starts with '::' and is shorter than 33 bytes, a heap-based buffer overflow happens due to an out-of-bounds read. This happens when the user opens a specially crafted CHM file. The flaw itself has a very low impact and is not easily exploitable; it may produce small heap data leaks but with no further consequences.
Statement: This issue affects versions of libmspack as shipped with Red Hat Enterprise Linux 7 and 8. This flaw was rated as having a Low security impact by the Red Hat Product Security Team.
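The out-of-bounds read described for chmd_read_headers() above, reduced to its pattern as an added example; this is not libmspack's code or the upstream patch. The function names and the choice of `::DataSpace/Storage/MSCompressed/` as the 33-byte prefix are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed 33-byte prefix of a "::" system name; chosen for this example. */
static const char SYS_PREFIX[] = "::DataSpace/Storage/MSCompressed/";
enum { SYS_PREFIX_LEN = sizeof SYS_PREFIX - 1 };   /* 33 */

/* Before: sees "::" and then compares a fixed width without consulting the
 * name length stored in the file. For a name shorter than 33 bytes memcmp()
 * may read past the end of the heap buffer. Only safe on long names. */
int is_system_name_unchecked(const unsigned char *name, size_t name_len)
{
    (void)name_len;   /* ignoring the length is the flaw */
    return name[0] == ':' && name[1] == ':' &&
           memcmp(name + 2, SYS_PREFIX + 2, SYS_PREFIX_LEN - 2) == 0;
}

/* After: a name shorter than the prefix cannot match, so reject it before
 * any fixed-width comparison touches the buffer. */
int is_system_name_checked(const unsigned char *name, size_t name_len)
{
    if (name_len < SYS_PREFIX_LEN)
        return 0;
    return memcmp(name, SYS_PREFIX, SYS_PREFIX_LEN) == 0;
}

/* Upper bound on the bytes the unchecked compare can read past the name. */
size_t overread_bytes(size_t name_len)
{
    return name_len < SYS_PREFIX_LEN ? SYS_PREFIX_LEN - name_len : 0;
}

int main(void)
{
    /* Constructed inputs: a 3-byte "::x" name and a full-length name. */
    const unsigned char short_name[] = { ':', ':', 'x' };
    const unsigned char full_name[] = "::DataSpace/Storage/MSCompressed/Content";

    printf("short: checked=%d, possible over-read=%zu bytes\n",
           is_system_name_checked(short_name, sizeof short_name),
           overread_bytes(sizeof short_name));
    printf("full:  checked=%d unchecked=%d\n",
           is_system_name_checked(full_name, sizeof full_name - 1),
           is_system_name_unchecked(full_name, sizeof full_name - 1));
    return 0;
}
```

The unchecked variant is only called on the full-length name; building with `-fsanitize=address` and passing it the short name from a heap allocation is how a reviewer would confirm the over-read.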
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1686 https://access.redhat.com/errata/RHSA-2020:1686
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-1010305
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3848 https://access.redhat.com/errata/RHSA-2020:3848