{"url":"http://public2.vulnerablecode.io/api/packages/192207?format=json","purl":"pkg:ebuild/dev-libs/libmspack@1.8","type":"ebuild","namespace":"dev-libs","name":"libmspack","version":"1.8","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76526?format=json","vulnerability_id":"VCID-6t2u-9bfn-1fa8","summary":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14679.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14679.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14679","reference_id":"","reference_type":"","scores":[{"value":"0.00987","scoring_system":"epss","scoring_elements":"0.77193","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00987","scoring_system":"epss","scoring_elements":"0.77225","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00987","scoring_system":"epss","scoring_elements":"0.77234","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00987","scoring_system":"epss","scoring_elements":"0.77223","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610890","reference_id":"1610890","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610890"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904802","reference_id":"904802","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904802"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3327","reference_id":"RHSA-2018:3327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3327"},{"reference_url":"https://usn.ubuntu.com/3728-1/","reference_id":"USN-3728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-1/"},{"reference_url":"https://usn.ubuntu.com/3728-2/","reference_id":"USN-3728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-2/"},{"reference_url":"https://usn.ubuntu.com/3728-3/","reference_id":"USN-3728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-3/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192206?format=json","purl":"pkg:ebuild/dev-libs/libmspack@0.8_alpha","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@0.8_alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/192207?format=json","purl":"pkg:ebuild/dev-libs/libmspack@1.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@1.8"}],"aliases":["CVE-2018-14679"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6t2u-9bfn-1fa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76527?format=json","vulnerability_id":"VCID-8dps-z16n-vygg","summary":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14680.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14680.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14680","reference_id":"","reference_type":"","scores":[{"value":"0.02922","scoring_system":"epss","scoring_elements":"0.8666","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02922","scoring_system":"epss","scoring_elements":"0.86682","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02922","scoring_system":"epss","scoring_elements":"0.86681","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02922","scoring_system":"epss","scoring_elements":"0.86677","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610934","reference_id":"1610934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610934"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904801","reference_id":"904801","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904801"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3327","reference_id":"RHSA-2018:3327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3327"},{"reference_url":"https://usn.ubuntu.com/3728-1/","reference_id":"USN-3728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-1/"},{"reference_url":"https://usn.ubuntu.com/3728-2/","reference_id":"USN-3728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-2/"},{"reference_url":"https://usn.ubuntu.com/3728-3/","reference_id":"USN-3728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-3/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192206?format=json","purl":"pkg:ebuild/dev-libs/libmspack@0.8_alpha","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@0.8_alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/192207?format=json","purl":"pkg:ebuild/dev-libs/libmspack@1.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@1.8"}],"aliases":["CVE-2018-14680"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8dps-z16n-vygg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76530?format=json","vulnerability_id":"VCID-9jzc-r4s3-t7hw","summary":"chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\\0' as its first or second character (such as the \"/\\0\" name).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18585.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18585.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18585","reference_id":"","reference_type":"","scores":[{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.80124","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.80149","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.80154","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18585"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644215","reference_id":"1644215","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644215"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911637","reference_id":"911637","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911637"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2049","reference_id":"RHSA-2019:2049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2049"},{"reference_url":"https://usn.ubuntu.com/3814-1/","reference_id":"USN-3814-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-1/"},{"reference_url":"https://usn.ubuntu.com/3814-2/","reference_id":"USN-3814-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-2/"},{"reference_url":"https://usn.ubuntu.com/3814-3/","reference_id":"USN-3814-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-3/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192206?format=json","purl":"pkg:ebuild/dev-libs/libmspack@0.8_alpha","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@0.8_alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/192207?format=json","purl":"pkg:ebuild/dev-libs/libmspack@1.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@1.8"}],"aliases":["CVE-2018-18585"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jzc-r4s3-t7hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76531?format=json","vulnerability_id":"VCID-pmnq-db1b-dydr","summary":"chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18586.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18586.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18586","reference_id":"","reference_type":"","scores":[{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70036","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70077","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70085","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70068","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18586"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18586","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18586"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644216","reference_id":"1644216","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644216"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911639","reference_id":"911639","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911639"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192206?format=json","purl":"pkg:ebuild/dev-libs/libmspack@0.8_alpha","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@0.8_alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/192207?format=json","purl":"pkg:ebuild/dev-libs/libmspack@1.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@1.8"}],"aliases":["CVE-2018-18586"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmnq-db1b-dydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76529?format=json","vulnerability_id":"VCID-vjq6-2zgg-ffft","summary":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14682.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14682.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14682","reference_id":"","reference_type":"","scores":[{"value":"0.04428","scoring_system":"epss","scoring_elements":"0.89222","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04428","scoring_system":"epss","scoring_elements":"0.89239","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04428","scoring_system":"epss","scoring_elements":"0.8924","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610941","reference_id":"1610941","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610941"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904800","reference_id":"904800","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904800"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3327","reference_id":"RHSA-2018:3327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3327"},{"reference_url":"https://usn.ubuntu.com/3728-1/","reference_id":"USN-3728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-1/"},{"reference_url":"https://usn.ubuntu.com/3728-2/","reference_id":"USN-3728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-2/"},{"reference_url":"https://usn.ubuntu.com/3728-3/","reference_id":"USN-3728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-3/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192206?format=json","purl":"pkg:ebuild/dev-libs/libmspack@0.8_alpha","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@0.8_alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/192207?format=json","purl":"pkg:ebuild/dev-libs/libmspack@1.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@1.8"}],"aliases":["CVE-2018-14682"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjq6-2zgg-ffft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76528?format=json","vulnerability_id":"VCID-y83a-pxe4-ybgp","summary":"An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14681.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14681.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14681","reference_id":"","reference_type":"","scores":[{"value":"0.04428","scoring_system":"epss","scoring_elements":"0.89222","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04428","scoring_system":"epss","scoring_elements":"0.89239","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04428","scoring_system":"epss","scoring_elements":"0.8924","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14680"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14682"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610896","reference_id":"1610896","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610896"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904799","reference_id":"904799","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904799"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3327","reference_id":"RHSA-2018:3327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3327"},{"reference_url":"https://usn.ubuntu.com/3728-1/","reference_id":"USN-3728-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-1/"},{"reference_url":"https://usn.ubuntu.com/3728-2/","reference_id":"USN-3728-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-2/"},{"reference_url":"https://usn.ubuntu.com/3728-3/","reference_id":"USN-3728-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3728-3/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192206?format=json","purl":"pkg:ebuild/dev-libs/libmspack@0.8_alpha","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@0.8_alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/192207?format=json","purl":"pkg:ebuild/dev-libs/libmspack@1.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@1.8"}],"aliases":["CVE-2018-14681"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y83a-pxe4-ybgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61721?format=json","vulnerability_id":"VCID-yv7x-1cfs-cybe","summary":"In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18584.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18584.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18584","reference_id":"","reference_type":"","scores":[{"value":"0.05833","scoring_system":"epss","scoring_elements":"0.90701","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05833","scoring_system":"epss","scoring_elements":"0.90714","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05833","scoring_system":"epss","scoring_elements":"0.90711","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18584"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18584","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18584"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644214","reference_id":"1644214","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644214"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911640","reference_id":"911640","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911640"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2049","reference_id":"RHSA-2019:2049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2049"},{"reference_url":"https://usn.ubuntu.com/3814-1/","reference_id":"USN-3814-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-1/"},{"reference_url":"https://usn.ubuntu.com/3814-2/","reference_id":"USN-3814-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-2/"},{"reference_url":"https://usn.ubuntu.com/3814-3/","reference_id":"USN-3814-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192206?format=json","purl":"pkg:ebuild/dev-libs/libmspack@0.8_alpha","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@0.8_alpha"},{"url":"http://public2.vulnerablecode.io/api/packages/192207?format=json","purl":"pkg:ebuild/dev-libs/libmspack@1.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@1.8"}],"aliases":["CVE-2018-18584"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yv7x-1cfs-cybe"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libmspack@1.8"}