[USN-7788-1] libmspack vulnerabilities

Posted on 02 October 2025
Ubuntu Security

==========================================================================
Ubuntu Security Notice USN-7788-1
October 01, 2025

libmspack vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libmspack.

Software Description:
- libmspack: library for Microsoft compression formats

Details:

Jakub Wilk discovered that libmspack did not correctly handle certain
integer operations and bounds checking. A remote attacker could possibly
use this issue to cause a denial of service. (CVE-2015-4467, CVE-2015-4468,
CVE-2015-4469, CVE-2015-4472)

It was discovered that libmspack incorrectly handled certain malformed CAB
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service. (CVE-2017-11423)

It was discovered that libmspack incorrectly handled certain malformed CHM
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2017-6419)

Hanno Böck discovered that libmspack incorrectly handled certain CHM files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14679, CVE-2018-14680)

Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ
files. An attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-14681)

Dmitry Glavatskikh discovered that libmspack incorrectly handled certain
CHM files. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2018-14682)

It was discovered that libmspack incorrectly handled certain malformed CAB
files. A remote attacker could use this issue to cause libmspack to crash,
resulting in a denial of service. (CVE-2018-18585)

It was discovered that libmspack incorrectly handled certain CHM files. A
remote attacker could possibly use this issue to access sensitive
information. (CVE-2019-1010305)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  libmspack-dev                   0.4-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libmspack-doc                   0.4-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libmspack0                      0.4-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
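
To confirm that a host is at or above the package versions listed above, compare the installed versions using Debian's version ordering, in which "~" sorts before the end of the string, so a plain string comparison misjudges "~esm2". The Python below is an added example, not part of the original notice and not dpkg's code; the ordering is reimplemented from the Debian policy rules, and the sample input and its older versions are constructed.

```python
import re

# Fixed version for Ubuntu 14.04 LTS, taken from this notice.
FIXED = {name: "0.4-1ubuntu0.1~esm2"
         for name in ("libmspack0", "libmspack-dev", "libmspack-doc")}

def _weight(c):
    """Weight of one non-digit character: '~' < end of string < letters < rest."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare an upstream or revision string under the Debian ordering rules."""
    ta = re.findall(r"([^0-9]*)([0-9]*)", a)   # (non-digit run, digit run) pairs
    tb = re.findall(r"([^0-9]*)([0-9]*)", b)
    for k in range(max(len(ta), len(tb))):
        sa, na = ta[k] if k < len(ta) else ("", "")
        sb, nb = tb[k] if k < len(tb) else ("", "")
        for i in range(max(len(sa), len(sb))):
            wa = _weight(sa[i]) if i < len(sa) else 0   # 0 = run ended
            wb = _weight(sb[i]) if i < len(sb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        if int(na or 0) != int(nb or 0):                # empty digit run counts as 0
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 for [epoch:]upstream[-revision] version strings."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, revision
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_update(dpkg_query_output):
    """Names of listed packages installed at a version older than the fixed one."""
    rows = (line.split() for line in dpkg_query_output.splitlines())
    return [r[0] for r in rows
            if len(r) == 2 and r[0] in FIXED and deb_cmp(r[1], FIXED[r[0]]) < 0]

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = "libmspack0 0.4-1\nlibmspack-dev 0.4-1ubuntu0.1~esm1\nlibmspack-doc 0.4-1ubuntu0.1~esm2\n"
```

On the constructed sample, needs_update(SAMPLE) reports libmspack0 and libmspack-dev as still below the fixed version.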

References:
https://ubuntu.com/security/notices/USN-7788-1
CVE-2015-4467, CVE-2015-4468, CVE-2015-4469, CVE-2015-4472,
CVE-2017-11423, CVE-2017-6419, CVE-2018-14679, CVE-2018-14680,
CVE-2018-14681, CVE-2018-14682, CVE-2018-18585, CVE-2019-1010305
