Alerts This Week
Warning Icon 1 1,003
Alerts This Week
Warning Icon 1 1,003

Ubuntu 14.04 LTS: libmspack Critical Denial of Service Advisory USN-7788-1

ubuntu
Calendar Grey October 1, 2025
Dist Ubuntu Esm H88
Several security issues in libmspack can lead to denial of service or arbitrary code execution. Update recommended!
Several security issues were fixed in libmspack.

Summary

Several security issues were fixed in libmspack.

Software Description:

- libmspack: library for Microsoft compression formats

Details:

Jakub Wilk discovered that libmspack did not correctly handle certain

integer operations and bounds checking. A remote attacker could possibly

use this issue to cause a denial of service. (CVE-2015-4467, CVE-2015-4468,

CVE-2015-4469, CVE-2015-4472)

It was discovered that libmspack incorrectly handled certain malformed CAB

files. A remote attacker could use this issue to cause libmspack to crash,

resulting in a denial of service. (CVE-2017-11423)

It was discovered that libmspack incorrectly handled certain malformed CHM

files. A remote attacker could use this issue to cause libmspack to crash,

resulting in a denial of service, or possibly execute arbitrary code.

(CVE-2017-6419)

Hanno Böck discovered that libmspack incorrectly handled certain CHM files.

An attacker could possibly use this issue to cause a denial of service.

(CVE-2018-14679, CVE...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service critical Ubuntu libmspack integer operations

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  libmspack-dev                   0.4-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libmspack-doc                   0.4-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libmspack0                      0.4-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7788-1

CVE-2015-4467, CVE-2015-4468, CVE-2015-4469, CVE-2015-4472,

CVE-2017-11423, CVE-2017-6419, CVE-2018-14679, CVE-2018-14680,

CVE-2018-14681, CVE-2018-14682, CVE-2018-18585, CVE-2019-1010305

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7788-1

Topics%20covered

Topics Covered

security advisory denial of service critical Ubuntu libmspack integer operations

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here