VulnerableCode Package Details - pkg:deb/debian/cabextract@0.2-2b

Search for packages

Vulnerability	Summary	Fixed by
VCID-35vw-agja-w7du Aliases: CVE-2014-9556	Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.	1.4-5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gc7q-6qf2-73dw Aliases: CVE-2018-18584	Multiple vulnerabilities have been found in cabextract and libmspack, the worst of which could result in a Denial of Service.	1.4-5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gjcf-7y4r-uke7 Aliases: CVE-2004-0916	Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.	1.1-1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kqtz-dk8x-83c3 Aliases: CVE-2010-2801	Multiple vulnerabilities have been found in cabextract, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition.	1.3-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wmcy-fbqv-jyad Aliases: CVE-2015-2060	cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.	1.6-1 Affected by 0 other vulnerabilities.
VCID-y8y2-py26-x7fn Aliases: CVE-2010-2800	Multiple vulnerabilities have been found in cabextract, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition.	1.3-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-35vw-agja-w7du
Aliases:
CVE-2014-9556

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.

1.4-5
Affected by 1 other vulnerability.

VCID-gc7q-6qf2-73dw
Aliases:
CVE-2018-18584

Multiple vulnerabilities have been found in cabextract and libmspack, the worst of which could result in a Denial of Service.

1.4-5
Affected by 1 other vulnerability.

VCID-gjcf-7y4r-uke7
Aliases:
CVE-2004-0916

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.

1.1-1
Affected by 5 other vulnerabilities.

VCID-kqtz-dk8x-83c3
Aliases:
CVE-2010-2801

Multiple vulnerabilities have been found in cabextract, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition.

1.3-1
Affected by 3 other vulnerabilities.

VCID-wmcy-fbqv-jyad
Aliases:
CVE-2015-2060

cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.

1.6-1
Affected by 0 other vulnerabilities.

VCID-y8y2-py26-x7fn
Aliases:
CVE-2010-2800

Multiple vulnerabilities have been found in cabextract, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition.

1.3-1
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T22:29:15.835251+00:00	Debian Oval Importer	Affected by	VCID-kqtz-dk8x-83c3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T21:14:50.698449+00:00	Debian Oval Importer	Affected by	VCID-y8y2-py26-x7fn	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T21:05:17.536197+00:00	Debian Oval Importer	Affected by	VCID-wmcy-fbqv-jyad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:57:33.684861+00:00	Debian Oval Importer	Affected by	VCID-35vw-agja-w7du	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:37:04.192892+00:00	Debian Oval Importer	Affected by	VCID-gc7q-6qf2-73dw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:20:06.122098+00:00	Debian Oval Importer	Affected by	VCID-gjcf-7y4r-uke7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T22:06:20.749378+00:00	Debian Oval Importer	Affected by	VCID-kqtz-dk8x-83c3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:54:36.009888+00:00	Debian Oval Importer	Affected by	VCID-y8y2-py26-x7fn	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:45:21.440863+00:00	Debian Oval Importer	Affected by	VCID-wmcy-fbqv-jyad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:41:46.027971+00:00	Debian Oval Importer	Affected by	VCID-35vw-agja-w7du	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:21:39.397416+00:00	Debian Oval Importer	Affected by	VCID-gc7q-6qf2-73dw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:05:20.007299+00:00	Debian Oval Importer	Affected by	VCID-gjcf-7y4r-uke7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T21:43:10.613794+00:00	Debian Oval Importer	Affected by	VCID-kqtz-dk8x-83c3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:34:02.102153+00:00	Debian Oval Importer	Affected by	VCID-y8y2-py26-x7fn	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:25:11.212758+00:00	Debian Oval Importer	Affected by	VCID-wmcy-fbqv-jyad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:26:52.516422+00:00	Debian Oval Importer	Affected by	VCID-35vw-agja-w7du	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:07:40.541782+00:00	Debian Oval Importer	Affected by	VCID-gc7q-6qf2-73dw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:51:49.559177+00:00	Debian Oval Importer	Affected by	VCID-gjcf-7y4r-uke7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0