Source: libmspack
Version: 0.5-1
Severity: important
Tags: security upstream
Forwarded: https://bugzilla.clamav.net/show_bug.cgi?id=11873

Hi,

the following vulnerability was published for libmspack.

CVE-2017-11423[0]:
| The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha,
| as used in ClamAV 0.99.2 and other products, allows remote attackers to
| cause a denial of service (stack-based buffer over-read and application
| crash) via a crafted CAB file.

Unfortunately the upstream bug [1] is locked-down.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11423
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11423
[1] https://bugzilla.clamav.net/show_bug.cgi?id=11873

Regards,
Salvatore