Vulnerabilities > Cabextract Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-23 | CVE-2018-18584 | Out-of-bounds Write vulnerability in multiple products In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. network low complexity libmspack-project cabextract-project debian redhat canonical suse starwindsoftware CWE-787 | 6.5 |
| 2018-07-28 | CVE-2018-14682 | Off-by-one Error vulnerability in multiple products An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. | 6.8 |
| 2018-07-28 | CVE-2018-14681 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. | 6.8 |
| 2018-07-28 | CVE-2018-14680 | Improper Input Validation vulnerability in multiple products An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. | 4.3 |
| 2018-07-28 | CVE-2018-14679 | Off-by-one Error vulnerability in multiple products An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. | 4.3 |
| 2010-08-09 | CVE-2010-2801 | Numeric Errors vulnerability in Cabextract Project Cabextract Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library. | 5.1 |
| 2010-08-09 | CVE-2010-2800 | Resource Management Errors vulnerability in Cabextract Project Cabextract The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library. | 4.3 |
| 2005-01-27 | CVE-2004-0916 | Unspecified vulnerability in Cabextract Project Cabextract 0.2/0.6/1.0 Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. | 5.0 |