An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libmspack | Cabextract | 0.0.20060920-alpha (including) | 0.0.20060920-alpha (including) |
| Libmspack | Cabextract | 0.3-alpha (including) | 0.3-alpha (including) |
| Libmspack | Cabextract | 0.4-alpha (including) | 0.4-alpha (including) |
| Libmspack | Cabextract | 0.5-alpha (including) | 0.5-alpha (including) |
| Libmspack | Cabextract | 0.6-alpha (including) | 0.6-alpha (including) |
| Cabextract | Cabextract_project | * | 1.5 (including) |
| Red Hat Enterprise Linux 7 | RedHat | libmspack-0:0.5-0.6.alpha.el7 | * |
| Clamav | Ubuntu | trusty | * |
| Libmspack | Ubuntu | bionic | * |
| Libmspack | Ubuntu | esm-infra-legacy/trusty | * |
| Libmspack | Ubuntu | trusty | * |
| Libmspack | Ubuntu | trusty/esm | * |
| Libmspack | Ubuntu | upstream | * |
| Libmspack | Ubuntu | xenial | * |