Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cabextract project cabextract vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2015-2060
cabextract prior to 1.6 does not properly check for leading slashes when extracting files, which allows remote malicious users to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
Cabextract Project Cabextract
6.5
CVSSv3
CVE-2018-18584
In mspack/cab.h in libmspack prior to 0.8alpha and cabextract prior to 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
Libmspack Project Libmspack 0.5
Cabextract Project Cabextract
Libmspack Project Libmspack 0.4
Libmspack Project Libmspack 0.3
Libmspack Project Libmspack 0.6
Libmspack Project Libmspack 0.7
Libmspack Project Libmspack 0.7.1
Debian Debian Linux 8.0
Redhat Enterprise Linux 7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Suse Linux Enterprise Server 11
Suse Linux Enterprise Server 12
Starwindsoftware Starwind Virtual San -
6.5
CVSSv3
CVE-2018-14679
An issue exists in mspack/chmd.c in libmspack prior to 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Cabextract Libmspack 0.6
Cabextract Libmspack 0.5
Cabextract Libmspack 0.4
Cabextract Libmspack 0.3
Cabextract Libmspack 0.0.20060920
Cabextract Project Cabextract
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Ansible Tower 3.3
6.5
CVSSv3
CVE-2018-14680
An issue exists in mspack/chmd.c in libmspack prior to 0.7alpha. It does not reject blank CHM filenames.
Cabextract Libmspack 0.6
Cabextract Libmspack 0.5
Cabextract Libmspack 0.4
Cabextract Libmspack 0.3
Cabextract Libmspack 0.0.20060920
Cabextract Project Cabextract
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Ansible Tower 3.3
8.8
CVSSv3
CVE-2018-14681
An issue exists in kwajd_read_headers in mspack/kwajd.c in libmspack prior to 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
Cabextract Libmspack 0.6
Cabextract Libmspack 0.5
Cabextract Libmspack 0.4
Cabextract Libmspack 0.3
Cabextract Libmspack 0.0.20060920
Cabextract Project Cabextract
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Ansible Tower 3.3
8.8
CVSSv3
CVE-2018-14682
An issue exists in mspack/chmd.c in libmspack prior to 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
Cabextract Libmspack 0.6
Cabextract Libmspack 0.5
Cabextract Libmspack 0.4
Cabextract Libmspack 0.3
Cabextract Libmspack 0.0.20060920
Cabextract Project Cabextract
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Ansible Tower 3.3
NA
CVE-2010-2801
Integer signedness error in the Quantum decompressor in cabextract prior to 1.3, when archive test mode is used, allows user-assisted remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab...
Cabextract Project Cabextract
Cabextract Project Cabextract 1.1
Cabextract Project Cabextract 0.4
Cabextract Project Cabextract 0.5
Cabextract Project Cabextract 0.1
Cabextract Project Cabextract 0.3
Cabextract Project Cabextract 0.2
Cabextract Project Cabextract 0.6
Cabextract Project Cabextract 1.0
NA
CVE-2010-2800
The MS-ZIP decompressor in cabextract prior to 1.3 allows remote malicious users to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.
Cabextract Project Cabextract
Cabextract Project Cabextract 1.1
Cabextract Project Cabextract 0.4
Cabextract Project Cabextract 0.5
Cabextract Project Cabextract 0.1
Cabextract Project Cabextract 0.3
Cabextract Project Cabextract 0.2
Cabextract Project Cabextract 0.6
Cabextract Project Cabextract 1.0
NA
CVE-2004-0916
Directory traversal vulnerability in cabextract prior to 1.1 allows remote malicious users to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.
Cabextract Project Cabextract 0.2
Cabextract Project Cabextract 0.6
Cabextract Project Cabextract 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started