Cabextract Project Cabextract vulnerabilities

CVE-2015-2060 [MEDIUM] CWE-22 CVE-2015-2060: cabextract before 1.6 does not properly check for leading slashes when extracting files, which allow cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.

CVE-2018-18584 [MEDIUM] CWE-787 CVE-2018-18584: In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer i In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

CVE-2018-14682 [HIGH] CWE-193 CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

CVE-2018-14681 [HIGH] CWE-787 CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KW An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

CVE-2018-14679 [MEDIUM] CWE-193 CVE-2018-14679: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

CVE-2018-14680 [MEDIUM] CWE-20 CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

CVE-2014-9556 [MEDIUM] CVE-2014-9556: Integer overflow in the qtmd_decompress function in libmspack 0 Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.

CVE-2010-2801 [MEDIUM] CWE-189 CVE-2010-2801: Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mod Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.

CVE-2010-2800 [MEDIUM] CWE-399 CVE-2010-2800: The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of servic The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.

CVE-2004-0916 [MEDIUM] CVE-2004-0916: Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbi Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.