VulnerableCode Package Details - pkg:deb/debian/cabextract@1.4-5

Search for packages

Vulnerability	Summary	Fixed by
VCID-wmcy-fbqv-jyad Aliases: CVE-2015-2060	cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.	1.6-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-wmcy-fbqv-jyad
Aliases:
CVE-2015-2060

cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.

1.6-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-35vw-agja-w7du	Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.	CVE-2014-9556
VCID-gc7q-6qf2-73dw	Multiple vulnerabilities have been found in cabextract and libmspack, the worst of which could result in a Denial of Service.	CVE-2018-18584

Vulnerability

Summary

Aliases

VCID-35vw-agja-w7du

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.

CVE-2014-9556

VCID-gc7q-6qf2-73dw

Multiple vulnerabilities have been found in cabextract and libmspack, the worst of which could result in a Denial of Service.

CVE-2018-18584

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T21:05:17.556910+00:00	Debian Oval Importer	Affected by	VCID-wmcy-fbqv-jyad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:57:33.706526+00:00	Debian Oval Importer	Fixing	VCID-35vw-agja-w7du	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:37:04.215591+00:00	Debian Oval Importer	Fixing	VCID-gc7q-6qf2-73dw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T20:45:21.463004+00:00	Debian Oval Importer	Affected by	VCID-wmcy-fbqv-jyad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:41:46.049990+00:00	Debian Oval Importer	Fixing	VCID-35vw-agja-w7du	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:21:39.418503+00:00	Debian Oval Importer	Fixing	VCID-gc7q-6qf2-73dw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T20:25:11.240277+00:00	Debian Oval Importer	Affected by	VCID-wmcy-fbqv-jyad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:26:52.542354+00:00	Debian Oval Importer	Fixing	VCID-35vw-agja-w7du	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:07:40.571943+00:00	Debian Oval Importer	Fixing	VCID-gc7q-6qf2-73dw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0