9 matches found
CVE-2018-14679
CVE-2018-14679 affects libmspack (mspack/chmd.c) with an off-by-one error in CHM PMGI/PMGL chunk number validation, reported to cause a denial of service through an uninitialized data dereference and crash when using versions before 0.7alpha. Connected advisories (ALAS-2019-1152, RH/CentOS errata...
CVE-2018-14681
The CVE-2018-14681 entry concerns libmspack (component: kwajd_read_headers in mspack/kwajd.c) with an off-by-one/file header extension handling issue in versions before 0.7alpha. The vulnerability allows a one- or two-byte overwrite caused by Bad KWAJ file header extensions, as documented in the ...
CVE-2018-14682
CVE-2018-14682 affects libmspack (CHM decompression) with an off-by-one error in the TOLOWER() macro in mspack/chmd.c (pre-0.7alpha). Related advisories note additional CHM/CHM-related issues (14679, 14680) and KWAD header issues (14681). Affected: libmspack; potential impact described in advisor...
CVE-2018-14680
CVE-2018-14680 affects libmspack (mspack/chmd.c) prior to 0.7alpha. The vulnerability arises because CHM decompression does not reject blank CHM filenames, enabling an input that could lead to a partial impact on availability (per CVSS metrics). The issue is documented as an off-by-one/invalid-da...
CVE-2018-18584
CVE-2018-18584 affects libmspack and cabextract. In mspack/cab.h, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write (before 0.8alpha for libmspack and before 1.8 for cabextract). Remediation involves upgrading to fixed versions (e.g....
CVE-2015-2060
CVE-2015-2060 affects cabextract prior to 1.6. The vulnerability arises because cabextract does not properly check for leading slashes when extracting files, allowing an attacker to perform absolute directory traversal via a malformed UTF-8 character that is changed to a UTF-8 encoded slash. This...
CVE-2010-2801
CVE-2010-2801 (cabextract, related libmspack/Quantum decompressor) suffers an integer signedness error in the Quantum decompressor when testing archives, potentially enabling a remote attacker to cause a crash or execute arbitrary code via a crafted .cab file. Affected versions are cabextract pri...
CVE-2010-2800
The CVE-2010-2800 entry concerns cabextract (libmspack) with a vulnerability in the MS-ZIP decompressor. The issue allows a remote attacker to trigger a denial-of-service (infinite loop) when processing a malformed MSZIP archive inside a .cab file, during either test or extract actions. The descr...
CVE-2004-0916
cabextract versions prior to 1.1 are affected by a directory traversal vulnerability that allows remote attackers to overwrite arbitrary files via cabinet files containing ".." in a filename. The flaw is described consistently across CVE-2004-0916 entries (NVD and OSV), indicating that untrusted ...