Search for packages
| purl | pkg:ebuild/dev-libs/libmspack@0.8_alpha |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6t2u-9bfn-1fa8 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). |
CVE-2018-14679
|
| VCID-8dps-z16n-vygg | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. |
CVE-2018-14680
|
| VCID-9jzc-r4s3-t7hw | chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). |
CVE-2018-18585
|
| VCID-pmnq-db1b-dydr | chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application |
CVE-2018-18586
|
| VCID-vjq6-2zgg-ffft | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. |
CVE-2018-14682
|
| VCID-y83a-pxe4-ybgp | An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. |
CVE-2018-14681
|
| VCID-yv7x-1cfs-cybe | In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. |
CVE-2018-18584
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T19:13:02.352555+00:00 | Gentoo Importer | Fixing | VCID-pmnq-db1b-dydr | https://security.gentoo.org/glsa/201903-20 | 38.6.0 |
| 2026-06-04T19:13:02.318421+00:00 | Gentoo Importer | Fixing | VCID-9jzc-r4s3-t7hw | https://security.gentoo.org/glsa/201903-20 | 38.6.0 |
| 2026-06-04T19:13:02.284250+00:00 | Gentoo Importer | Fixing | VCID-yv7x-1cfs-cybe | https://security.gentoo.org/glsa/201903-20 | 38.6.0 |
| 2026-06-04T19:13:02.249891+00:00 | Gentoo Importer | Fixing | VCID-vjq6-2zgg-ffft | https://security.gentoo.org/glsa/201903-20 | 38.6.0 |
| 2026-06-04T19:13:02.215178+00:00 | Gentoo Importer | Fixing | VCID-y83a-pxe4-ybgp | https://security.gentoo.org/glsa/201903-20 | 38.6.0 |
| 2026-06-04T19:13:02.180316+00:00 | Gentoo Importer | Fixing | VCID-8dps-z16n-vygg | https://security.gentoo.org/glsa/201903-20 | 38.6.0 |
| 2026-06-04T19:13:02.144645+00:00 | Gentoo Importer | Fixing | VCID-6t2u-9bfn-1fa8 | https://security.gentoo.org/glsa/201903-20 | 38.6.0 |