2 matches found
CVE-2018-18584
CVE-2018-18584 affects libmspack and cabextract. In mspack/cab.h, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write (before 0.8alpha for libmspack and before 1.8 for cabextract). Remediation involves upgrading to fixed versions (e.g....
CVE-2018-18585
CVE-2018-18585 affects libmspack prior to 0.8alpha, where chmd_read_headers in mspack/chmd.c accepts a filename with a NULL byte as the first or second character (e.g., "/\0"). Multiple downstream advisories reference this CVE and link to libmspack updates; Amazon Linux 2 ALAS2-2019-1310 explicit...