Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| https://bugs.debian.org/775498 | |||
| [oss-security] 20150203 Possible CVE Requests: libmspack... | |||
| 72487 |