Vulnerabilities > Cabextract Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-29 | CVE-2015-2060 | Path Traversal vulnerability in Cabextract Project Cabextract cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash. | 5.3 |
| 2018-10-23 | CVE-2018-18584 | Out-of-bounds Write vulnerability in multiple products In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. network low complexity libmspack-project cabextract-project debian redhat canonical suse starwindsoftware CWE-787 | 6.5 |
| 2018-07-28 | CVE-2018-14682 | Off-by-one Error vulnerability in multiple products An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. | 8.8 |
| 2018-07-28 | CVE-2018-14681 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. | 8.8 |
| 2018-07-28 | CVE-2018-14680 | Improper Input Validation vulnerability in multiple products An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. | 6.5 |
| 2018-07-28 | CVE-2018-14679 | Off-by-one Error vulnerability in multiple products An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. | 6.5 |