Cabextract Security Vulnerabilities
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded...
5.3CVSS
5.1AI Score
0.004EPSS
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds...
6.5CVSS
6.5AI Score
0.345EPSS
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM...
6.5CVSS
7.2AI Score
0.006EPSS
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM...
8.8CVSS
8.5AI Score
0.006EPSS
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte...
8.8CVSS
8.4AI Score
0.005EPSS
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application...
6.5CVSS
7AI Score
0.009EPSS
Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the...
7.5AI Score
0.117EPSS
The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack...
6.3AI Score
0.032EPSS
Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a...
6.5AI Score
0.009EPSS