Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cabextract_project | cabextract | 0.2 |
| cabextract_project | cabextract | 1.0 |
| cabextract_project | cabextract | 0.6 |
The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cabextract_project | cabextract | 0.5 |
| cabextract_project | cabextract | 0.3 |
| cabextract_project | cabextract | 0.2 |
| cabextract_project | cabextract | 1.1 |
| cabextract_project | cabextract | * |
| cabextract_project | cabextract | 0.4 |
| cabextract_project | cabextract | 1.0 |
| cabextract_project | cabextract | 0.6 |
| cabextract_project | cabextract | 0.1 |
Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cabextract_project | cabextract | 0.5 |
| cabextract_project | cabextract | 0.3 |
| cabextract_project | cabextract | 0.2 |
| cabextract_project | cabextract | 1.1 |
| cabextract_project | cabextract | * |
| cabextract_project | cabextract | 0.4 |
| cabextract_project | cabextract | 1.0 |
| cabextract_project | cabextract | 0.6 |
| cabextract_project | cabextract | 0.1 |
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cabextract_project | cabextract | * |
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-193,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_desktop | 7.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| cabextract | libmspack | 0.5 |
| redhat | ansible_tower | 3.3 |
| cabextract | libmspack | 0.4 |
| redhat | enterprise_linux_workstation | 7.0 |
| cabextract | libmspack | 0.0.20060920 |
| cabextract | libmspack | 0.3 |
| cabextract_project | cabextract | * |
| cabextract | libmspack | 0.6 |
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_desktop | 7.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| cabextract | libmspack | 0.5 |
| redhat | ansible_tower | 3.3 |
| cabextract | libmspack | 0.4 |
| redhat | enterprise_linux_workstation | 7.0 |
| cabextract | libmspack | 0.0.20060920 |
| cabextract | libmspack | 0.3 |
| cabextract_project | cabextract | * |
| cabextract | libmspack | 0.6 |
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_desktop | 7.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| cabextract | libmspack | 0.5 |
| redhat | ansible_tower | 3.3 |
| cabextract | libmspack | 0.4 |
| redhat | enterprise_linux_workstation | 7.0 |
| cabextract | libmspack | 0.0.20060920 |
| cabextract | libmspack | 0.3 |
| cabextract_project | cabextract | * |
| cabextract | libmspack | 0.6 |
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-193,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_desktop | 7.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| cabextract | libmspack | 0.5 |
| redhat | ansible_tower | 3.3 |
| cabextract | libmspack | 0.4 |
| redhat | enterprise_linux_workstation | 7.0 |
| cabextract | libmspack | 0.0.20060920 |
| cabextract | libmspack | 0.3 |
| cabextract_project | cabextract | * |
| cabextract | libmspack | 0.6 |
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux | 7.0 |
| libmspack_project | libmspack | 0.6 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.10 |
| libmspack_project | libmspack | 0.7 |
| suse | linux_enterprise_server | 11 |
| libmspack_project | libmspack | 0.4 |
| libmspack_project | libmspack | 0.5 |
| libmspack_project | libmspack | 0.3 |
| starwindsoftware | starwind_virtual_san | - |
| cabextract_project | cabextract | * |
| suse | linux_enterprise_server | 12 |
| libmspack_project | libmspack | 0.7.1 |