Debian Security Advisory
DLA-1460-1 libmspack -- LTS security update
- Date Reported:
- 06 Aug 2018
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-14681, CVE-2018-14682, CVE-2018-14679, CVE-2018-14680.
- More information:
It was discovered that there were several vulnerabilities in libsmpack, a library used to handle Microsoft compression formats.
A remote attacker could craft malicious .CAB, .CHM or .KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code.
For Debian 8
Jessie, this issue has been fixed in libmspack version 0.5-1+deb8u2.
We recommend that you upgrade your libmspack packages.