USN-7788-1: libmspack vulnerabilities
Publication date
1 October 2025
Overview
Several security issues were fixed in libmspack.
Releases
Packages
- libmspack - library for Microsoft compression formats
Details
Jakub Wilk discovered that libmspack did not correctly handle certain
integer operations and bounds checking. A remote attacker could possibly
use this issue to cause a denial of service. (CVE-2015-4467, CVE-2015-4468,
CVE-2015-4469, CVE-2015-4472)
It was discovered that libmspack incorrectly handled certain malformed CAB
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service. (CVE-2017-11423)
It was discovered that libmspack incorrectly handled certain malformed CHM
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2017-6419)
Hanno Böck discovered...
Jakub Wilk discovered that libmspack did not correctly handle certain
integer operations and bounds checking. A remote attacker could possibly
use this issue to cause a denial of service. (CVE-2015-4467, CVE-2015-4468,
CVE-2015-4469, CVE-2015-4472)
It was discovered that libmspack incorrectly handled certain malformed CAB
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service. (CVE-2017-11423)
It was discovered that libmspack incorrectly handled certain malformed CHM
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2017-6419)
Hanno Böck discovered that libmspack incorrectly handled certain CHM files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14679, CVE-2018-14680)
Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ
files. An attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-14681)
Dmitry Glavatskikh discovered that libmspack incorrectly handled certain
CHM files. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2018-14682)
It was discovered libmspack incorrectly handled certain malformed CAB
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service. (CVE-2018-18585)
It was discovered that libmspack incorrectly handled certain CHM files. A
remote attacker could possibly use this issue to access sensitive
information. (CVE-2019-1010305)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 14.04 trusty | libmspack-dev – 0.4-1ubuntu0.1~esm2 | ||
| libmspack-doc – 0.4-1ubuntu0.1~esm2 | |||
| libmspack0 – 0.4-1ubuntu0.1~esm2 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
- CVE-2019-1010305
- CVE-2018-18585
- CVE-2018-14682
- CVE-2018-14681
- CVE-2018-14680
- CVE-2018-14679
- CVE-2017-6419
- CVE-2017-11423
- CVE-2015-4472
- CVE-2015-4469
- CVE-2019-1010305
- CVE-2018-18585
- CVE-2018-14682
- CVE-2018-14681
- CVE-2018-14680
- CVE-2018-14679
- CVE-2017-6419
- CVE-2017-11423
- CVE-2015-4472
- CVE-2015-4469
- CVE-2015-4468
- CVE-2015-4467