MidnightBSD

Advisories for cabextract_project

CVE-2004-0916 MEDIUM

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cabextract_project cabextract 0.2
cabextract_project cabextract 1.0
cabextract_project cabextract 0.6
CVE-2010-2800 MEDIUM

The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cabextract_project cabextract 0.5
cabextract_project cabextract 0.3
cabextract_project cabextract 0.2
cabextract_project cabextract 1.1
cabextract_project cabextract *
cabextract_project cabextract 0.4
cabextract_project cabextract 1.0
cabextract_project cabextract 0.6
cabextract_project cabextract 0.1
CVE-2010-2801 MEDIUM

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
cabextract_project cabextract 0.5
cabextract_project cabextract 0.3
cabextract_project cabextract 0.2
cabextract_project cabextract 1.1
cabextract_project cabextract *
cabextract_project cabextract 0.4
cabextract_project cabextract 1.0
cabextract_project cabextract 0.6
cabextract_project cabextract 0.1
CVE-2015-2060 MEDIUM

cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
cabextract_project cabextract *
CVE-2018-14679 MEDIUM

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-193,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
debian debian_linux 9.0
canonical ubuntu_linux 18.04
debian debian_linux 8.0
canonical ubuntu_linux 16.04
cabextract libmspack 0.5
redhat ansible_tower 3.3
cabextract libmspack 0.4
redhat enterprise_linux_workstation 7.0
cabextract libmspack 0.0.20060920
cabextract libmspack 0.3
cabextract_project cabextract *
cabextract libmspack 0.6
CVE-2018-14680 MEDIUM

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
debian debian_linux 9.0
canonical ubuntu_linux 18.04
debian debian_linux 8.0
canonical ubuntu_linux 16.04
cabextract libmspack 0.5
redhat ansible_tower 3.3
cabextract libmspack 0.4
redhat enterprise_linux_workstation 7.0
cabextract libmspack 0.0.20060920
cabextract libmspack 0.3
cabextract_project cabextract *
cabextract libmspack 0.6
CVE-2018-14681 MEDIUM

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
debian debian_linux 9.0
canonical ubuntu_linux 18.04
debian debian_linux 8.0
canonical ubuntu_linux 16.04
cabextract libmspack 0.5
redhat ansible_tower 3.3
cabextract libmspack 0.4
redhat enterprise_linux_workstation 7.0
cabextract libmspack 0.0.20060920
cabextract libmspack 0.3
cabextract_project cabextract *
cabextract libmspack 0.6
CVE-2018-14682 MEDIUM

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-193,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
debian debian_linux 9.0
canonical ubuntu_linux 18.04
debian debian_linux 8.0
canonical ubuntu_linux 16.04
cabextract libmspack 0.5
redhat ansible_tower 3.3
cabextract libmspack 0.4
redhat enterprise_linux_workstation 7.0
cabextract libmspack 0.0.20060920
cabextract libmspack 0.3
cabextract_project cabextract *
cabextract libmspack 0.6
CVE-2018-18584 MEDIUM

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
redhat enterprise_linux 7.0
libmspack_project libmspack 0.6
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
debian debian_linux 8.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.10
libmspack_project libmspack 0.7
suse linux_enterprise_server 11
libmspack_project libmspack 0.4
libmspack_project libmspack 0.5
libmspack_project libmspack 0.3
starwindsoftware starwind_virtual_san -
cabextract_project cabextract *
suse linux_enterprise_server 12
libmspack_project libmspack 0.7.1