Lucene search
K
Cabextract ProjectCabextract

9 matches found

CVE
CVE
added 2018/07/28 11:0 p.m.272 views

CVE-2018-14679

CVE-2018-14679 affects libmspack (mspack/chmd.c) with an off-by-one error in CHM PMGI/PMGL chunk number validation, reported to cause a denial of service through an uninitialized data dereference and crash when using versions before 0.7alpha. Connected advisories (ALAS-2019-1152, RH/CentOS errata...

6.5CVSS7.1AI score0.03312EPSS
CVE
CVE
added 2018/07/28 11:0 p.m.254 views

CVE-2018-14681

The CVE-2018-14681 entry concerns libmspack (component: kwajd_read_headers in mspack/kwajd.c) with an off-by-one/file header extension handling issue in versions before 0.7alpha. The vulnerability allows a one- or two-byte overwrite caused by Bad KWAJ file header extensions, as documented in the ...

8.8CVSS7.3AI score0.03806EPSS
CVE
CVE
added 2018/07/28 11:0 p.m.249 views

CVE-2018-14682

CVE-2018-14682 affects libmspack (CHM decompression) with an off-by-one error in the TOLOWER() macro in mspack/chmd.c (pre-0.7alpha). Related advisories note additional CHM/CHM-related issues (14679, 14680) and KWAD header issues (14681). Affected: libmspack; potential impact described in advisor...

8.8CVSS7.4AI score0.03806EPSS
CVE
CVE
added 2018/07/28 11:0 p.m.193 views

CVE-2018-14680

CVE-2018-14680 affects libmspack (mspack/chmd.c) prior to 0.7alpha. The vulnerability arises because CHM decompression does not reject blank CHM filenames, enabling an input that could lead to a partial impact on availability (per CVSS metrics). The issue is documented as an off-by-one/invalid-da...

6.5CVSS7.3AI score0.03753EPSS
CVE
CVE
added 2018/10/23 12:0 a.m.179 views

CVE-2018-18584

CVE-2018-18584 affects libmspack and cabextract. In mspack/cab.h, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write (before 0.8alpha for libmspack and before 1.8 for cabextract). Remediation involves upgrading to fixed versions (e.g....

6.5CVSS6.6AI score0.03086EPSS
CVE
CVE
added 2019/11/29 8:55 p.m.72 views

CVE-2015-2060

CVE-2015-2060 affects cabextract prior to 1.6. The vulnerability arises because cabextract does not properly check for leading slashes when extracting files, allowing an attacker to perform absolute directory traversal via a malformed UTF-8 character that is changed to a UTF-8 encoded slash. This...

5.3CVSS5.1AI score0.02308EPSS
CVE
CVE
added 2010/08/06 7:31 p.m.68 views

CVE-2010-2801

CVE-2010-2801 (cabextract, related libmspack/Quantum decompressor) suffers an integer signedness error in the Quantum decompressor when testing archives, potentially enabling a remote attacker to cause a crash or execute arbitrary code via a crafted .cab file. Affected versions are cabextract pri...

5.1CVSS7.7AI score0.04027EPSS
CVE
CVE
added 2010/08/06 7:31 p.m.60 views

CVE-2010-2800

The CVE-2010-2800 entry concerns cabextract (libmspack) with a vulnerability in the MS-ZIP decompressor. The issue allows a remote attacker to trigger a denial-of-service (infinite loop) when processing a malformed MSZIP archive inside a .cab file, during either test or extract actions. The descr...

4.3CVSS6.4AI score0.02286EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.51 views

CVE-2004-0916

cabextract versions prior to 1.1 are affected by a directory traversal vulnerability that allows remote attackers to overwrite arbitrary files via cabinet files containing ".." in a filename. The flaw is described consistently across CVE-2004-0916 entries (NVD and OSV), indicating that untrusted ...

5CVSS6.4AI score0.03588EPSS