{"id":"CVE-2018-14682","details":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.","modified":"2026-04-16T06:16:14.087720397Z","published":"2018-07-28T23:29:00.390Z","related":["SUSE-SU-2018:3250-1","SUSE-SU-2018:3436-1","SUSE-SU-2018:3436-2","SUSE-SU-2018:3441-1","SUSE-SU-2021:2765-1","SUSE-SU-2021:2802-1","openSUSE-SU-2021:1200-1","openSUSE-SU-2021:2802-1","openSUSE-SU-2024:10958-1"],"references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3789-2/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2018/07/26/1"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3327"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3728-2/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4260"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041410"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3505"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201903-20"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3728-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3728-3/"},{"type":"FIX","url":"https://bugs.debian.org/904800"},{"type":"FIX","url":"https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kyz/libmspack","events":[{"introduced":"0"},{"last_affected":"25be5e56c1f140dfed754073c7dc374fd4d3010a"},{"introduced":"0"},{"last_affected":"a22627dd5180e0ce9c558d0c10b174c760085f57"},{"introduced":"0"},{"last_affected":"164fb2d23a0894b726b72a047d34191d64a18104"},{"introduced":"0"},{"last_affected":"03296dd44347ab3111ba23b8e3945e2b537b6275"},{"introduced":"0"},{"last_affected":"a2b36d2f477a183c046b66c731936fa56eba53b4"},{"introduced":"0"},{"last_affected":"1668a2a82aac259c9bbc6356648b79411fa7db0d"},{"fixed":"4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.0.20060920-alpha"},{"introduced":"0"},{"last_affected":"0.3-alpha"},{"introduced":"0"},{"last_affected":"0.4-alpha"},{"introduced":"0"},{"last_affected":"0.5-alpha"},{"introduced":"0"},{"last_affected":"0.6-alpha"},{"introduced":"0"},{"last_affected":"1.5"}]}}],"versions":["v0.0.20060920alpha","v0.3alpha","v0.4alpha","v0.5alpha","v0.6alpha","v1.0","v1.1","v1.2","v1.3","v1.4","v1.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14682.json","vanir_signatures_modified":"2026-04-11T12:27:35Z","vanir_signatures":[{"source":"https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8","signature_type":"Line","target":{"file":"libmspack/mspack/chmd.c"},"signature_version":"v1","digest":{"line_hashes":["281670956274223246577000571300676145113","8328464798769891185091737502904899358","287500466610264771543633729059261512912","98908307968248524670377173822699994738"],"threshold":0.9},"id":"CVE-2018-14682-71a5f2e9","deprecated":false}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}