Candidate: CVE-2015-4471 PublicDate: 2015-06-11 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4471 http://www.openwall.com/lists/oss-security/2015/02/03/11 https://github.com/kyz/libmspack/commit/18b6a2cc0b87536015bedd4f7763e6b02d5aa4f3 https://bugs.debian.org/775499 http://openwall.com/lists/oss-security/2015/02/03/11 Description: Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive. Ubuntu-Description: Notes: Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775499 Priority: medium (wrong-syntax) Discovered-by: Assigned-to: Patches_libmspack: upstream_libmspack: not-affected (0.5-1) precise_libmspack: DNE trusty_libmspack: needed utopic_libmspack: ignored (reached end-of-life) vivid_libmspack : released ( 0.4-3 ) devel_libmspack: not-affected unknown_libmspack: needed Patches_libmspack-anotherpkg: wrong-syntax wily_libmspack-anotherpkg: released ((0.1) utopic_libmspack-anotherpkg: not-affected trusty_libmspack-anotherpkg: needs-triage precise_libmspack-anotherpkg: released saucy_libmspack-anotherpkg: needed