VulnerableCode Package Details - pkg:deb/debian/cabextract@1.4-3

Search for packages

Vulnerability	Summary	Fixed by
VCID-35vw-agja-w7du Aliases: CVE-2014-9556	Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.	1.4-5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gc7q-6qf2-73dw Aliases: CVE-2018-18584	Multiple vulnerabilities have been found in cabextract and libmspack, the worst of which could result in a Denial of Service.	1.4-5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wmcy-fbqv-jyad Aliases: CVE-2015-2060	cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.	1.6-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-35vw-agja-w7du
Aliases:
CVE-2014-9556

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.

1.4-5
Affected by 1 other vulnerability.

VCID-gc7q-6qf2-73dw
Aliases:
CVE-2018-18584

Multiple vulnerabilities have been found in cabextract and libmspack, the worst of which could result in a Denial of Service.

1.4-5
Affected by 1 other vulnerability.

VCID-wmcy-fbqv-jyad
Aliases:
CVE-2015-2060

cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.

1.6-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T21:05:17.553547+00:00	Debian Oval Importer	Affected by	VCID-wmcy-fbqv-jyad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:57:33.702987+00:00	Debian Oval Importer	Affected by	VCID-35vw-agja-w7du	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:37:04.211797+00:00	Debian Oval Importer	Affected by	VCID-gc7q-6qf2-73dw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T20:45:21.459365+00:00	Debian Oval Importer	Affected by	VCID-wmcy-fbqv-jyad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:41:46.046337+00:00	Debian Oval Importer	Affected by	VCID-35vw-agja-w7du	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:21:39.415008+00:00	Debian Oval Importer	Affected by	VCID-gc7q-6qf2-73dw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T20:25:11.235740+00:00	Debian Oval Importer	Affected by	VCID-wmcy-fbqv-jyad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:26:52.538018+00:00	Debian Oval Importer	Affected by	VCID-35vw-agja-w7du	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:07:40.566821+00:00	Debian Oval Importer	Affected by	VCID-gc7q-6qf2-73dw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0