Info

Disclosure

Oct 26, 2005

Discovery

Oct 24, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in chmlib. The library function "_chm_decompress_block()" fails to perform proper bounds checking, resulting in a stack-based buffer overflow. With a specially crafted CHM file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 0.37 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

CHMlib

0.36

KchmViewer

1.0

References

Security Tracker: 1015120
Bugtraq ID: 15211
Secunia Advisory ID: 17325 17480 17494 17775 17776
CVE ID: 2005-3318 (see also: NVD)
ISS X-Force ID: 22885
Keyword: chm lib
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0536.html
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Nov/0001.html
http://www.debian.org/security/2005/dsa-886
http://www.gentoo.org/security/en/glsa/glsa-200511-23.xml
http://www.sven-tantau.de/public_files/chmlib/chmlib_20051126.txt
Vendor URL: http://morte.jedrea.com/%7Ejedwin/projects/chmlib/

Credit

Sven Tantau - svensven-tantau.de - Sven Tantau

Direct URL: http://osvdb.org/36218