rpm package
suse/libmspack&distro=SUSE Linux Enterprise Module for Basesystem 15
pkg:rpm/suse/libmspack&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-18585 | — | < 0.6-3.3.11 | 0.6-3.3.11 | Oct 23, 2018 | chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). | ||
| CVE-2018-18584 | — | < 0.6-3.3.11 | 0.6-3.3.11 | Oct 23, 2018 | In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. |
- CVE-2018-18585Oct 23, 2018affected < 0.6-3.3.11fixed 0.6-3.3.11
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
- CVE-2018-18584Oct 23, 2018affected < 0.6-3.3.11fixed 0.6-3.3.11
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.