CESA-2018:3327 -- centos 7 libmspackID: oval:org.secpod.oval:def:205079 | Date: (C)2021-01-19 (M)2023-12-20 |
Class: PATCH | Family: unix |
The libmspack packages contain a library providing compression and extraction of the Cabinet file format used by Microsoft. Security Fix: * libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks * libmspack: off-by-one error in the CHM chunk number validity checks * libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c * libmspack: off-by-one error in the TOLOWER macro for CHM decompression For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.