libmspack: buffer overflow in function chmd_read_headers() (CVE-2019-1010305)

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file.

References:

https://github.com/kyz/libmspack/issues/27
https://nvd.nist.gov/vuln/detail/CVE-2019-1010305

Patch:

https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d

Affected branches:

Edited Mar 26, 2020 by Leo

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information