VYPR
Vendor: Cabextract Project

Products: 1
CVEs: 5
Across products: 5
Status: Private

Recent CVEs (5)

  • CVE-2015-2060 (Nov 29, 2019)
    risk 0.01 | cvss | epss 0.02

    cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.

  • CVE-2018-18584 (Oct 23, 2018)
    risk 0.00 | cvss | epss 0.03

    In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

  • CVE-2010-2801 (Aug 9, 2010)
    risk 0.00 | cvss | epss 0.04

    Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file,…

  • CVE-2010-2800 (Aug 9, 2010)
    risk 0.00 | cvss | epss 0.02

    The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.

  • CVE-2004-0916 (Jan 27, 2005)
    risk 0.00 | cvss | epss 0.04

    Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.