OpenSUSE Linux update for libmspack

Author:
Category Operating Systems


Security Advisory

This security advisory describes one low risk vulnerability.

1) Out-of-bounds read

Severity: Low

CVSSv3:
2.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID:
CVE-2019-1010305

CWE-ID:
CWE-125 – Out-of-bounds Read

Exploit availability:
No

Description


The vulnerability allows an attacker to gain access to potentially sensitive information.


The vulnerability exists due to a boundary condition when processing a specially crafted chm file in libmspack 0.9.1alpha. A remote attacker can create a specially crafted chm file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse:
15.1

CPE

External links

https://lists.opensuse.org/opensuse-security-announce/2020-05/msg00068.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.





Source link

You must be logged in to post a comment.

RELATED STORIES
Category Operating Systems

Microsoft Windows RRAS Service MIBEntryGet Overflow – KK Hack Labs

March 5, 2021
This Metasploit module exploits an overflow in the Windows Routing and Remote Access Service (RRAS)...
Read More
Category Operating Systems

Google Releases Security Updates for Chrome – Kashif Ali

March 4, 2021
Original release date: March 3, 2021 Google has released Chrome version 89.0.4389.72 for Windows, Mac, and...
Read More
Category Operating Systems

Immunity CANVAS exploit pack is leaked on VirusTotal. More than 800 0-day vulnerabilities & exploits to hack into networks

March 3, 2021
Cybersecurity experts report that a version of CANVAS, an exploit platform to test vulnerabilities in...
Read More
Category Operating Systems

Red Hat Security Advisory 2021-0686-01

March 2, 2021
– The kernel packages contain the Linux kernel, the core of any Linux operating system....
Read More
Category Operating Systems

SciLinux: SLSA-2021-0671-1 Important: bind on SL7.x x86_64>

March 1, 2021
bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625) For more...
Read More
Category Operating Systems

Flaws In Zoom’s Keybase App Kept Chat Images From Being Deleted

February 28, 2021
chicksdaddy writes: The Security Ledger reports that a flaw in Zoom’s Keybase secure chat application...
Read More
Category Operating Systems

CVE-2021-3355 LightCMS 1.3.4 Cross Site Scripting – CXSecurity.com-漏洞情报、漏洞详情、安全漏洞、CVE

February 27, 2021
# Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS # Date: 25/02/2021 # Exploit Author:...
Read More
Category Operating Systems

Microsoft Patches Windows Remote Code Flaw

February 26, 2021
Governance & Risk Management , IT Risk Management , Patch Management The Flaw in Windows...
Read More
Category Operating Systems

VMware vCenter 6.5 / 7.0 Remote Code Execution Proof Of Concept

February 25, 2021
#-*- coding:utf-8 -*- banner = “”” 888888ba dP 88 `8b 88 a88aaaa8P’ .d8888b. d8888P .d8888b....
Read More
Category Operating Systems

NVD – CVE-2021-1378

February 24, 2021
CVE-2021-1378 Detail Undergoing Analysis This vulnerability is currently undergoing analysis...
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact