Cabextract Cabextractproject Cabextract

Do you want an email whenever new security vulnerabilities are reported in Cabextractproject Cabextract?

By the Year

In 2022 there have been 0 vulnerabilities in Cabextractproject Cabextract . Cabextract did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 5 7.42

It may take a day or so for new Cabextract vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cabextractproject Cabextract Security Vulnerabilities

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8

CVE-2018-18584 6.5 - Medium - October 23, 2018

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

Memory Corruption

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha

CVE-2018-14679 6.5 - Medium - July 28, 2018

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

off-by-five

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha

CVE-2018-14680 6.5 - Medium - July 28, 2018

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

Improper Input Validation

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha

CVE-2018-14681 8.8 - High - July 28, 2018

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

Memory Corruption

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha

CVE-2018-14682 8.8 - High - July 28, 2018

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

off-by-five

The MS-ZIP decompressor in cabextract before 1.3

CVE-2010-2800 - August 09, 2010

The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.

Resource Management Errors

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used

CVE-2010-2801 - August 09, 2010

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.

Numeric Errors

Directory traversal vulnerability in cabextract before 1.1

CVE-2004-0916 - January 27, 2005

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Cabextractproject Cabextract or by Cabextractproject? Click the Watch button to subscribe.

subscribe