2 matches found
CVE-2018-18584
CVE-2018-18584 affects libmspack and cabextract. In mspack/cab.h, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write (before 0.8alpha for libmspack and before 1.8 for cabextract). Remediation involves upgrading to fixed versions (e.g....
CVE-2015-2060
CVE-2015-2060 affects cabextract prior to 1.6. The vulnerability arises because cabextract does not properly check for leading slashes when extracting files, allowing an attacker to perform absolute directory traversal via a malformed UTF-8 character that is changed to a UTF-8 encoded slash. This...