Hole in CHMlib Open Source library
Service provider iDefense has reported a vulnerability in the CHMlib Open Source library that attackers can exploit to take control of a victim's computer. Among other things, CHMlib allows the well-known CHM help files from Windows to be displayed under Linux, for instance in the xchm program or other applications. In addition, ebooks are increasingly being sold in the CHM format.
Specially prepared CHM files allow the stack pointer to be manipulated. Code can then be injected onto the stack and executed with the user's rights. The flaw was found in version 0.38, but previous versions are probably also affected. It has been remedied in version 0.39.
- Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability, iDefense's security advisory
(ehe)