{"url":"http://public2.vulnerablecode.io/api/packages/402282?format=json","purl":"pkg:apk/alpine/libmspack@0.8_alpha-r0?arch=aarch64&distroversion=v3.17&reponame=community","type":"apk","namespace":"alpine","name":"libmspack","version":"0.8_alpha-r0","qualifiers":{"arch":"aarch64","distroversion":"v3.17","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.10.1_alpha-r0","latest_non_vulnerable_version":"0.10.1_alpha-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76530?format=json","vulnerability_id":"VCID-9jzc-r4s3-t7hw","summary":"chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\\0' as its first or second character (such as the \"/\\0\" name).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18585.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18585.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18585","reference_id":"","reference_type":"","scores":[{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.80124","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.80149","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.80154","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.80141","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.80161","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18585"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644215","reference_id":"1644215","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644215"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911637","reference_id":"911637","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911637"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2049","reference_id":"RHSA-2019:2049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2049"},{"reference_url":"https://usn.ubuntu.com/3814-1/","reference_id":"USN-3814-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-1/"},{"reference_url":"https://usn.ubuntu.com/3814-2/","reference_id":"USN-3814-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-2/"},{"reference_url":"https://usn.ubuntu.com/3814-3/","reference_id":"USN-3814-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-3/"},{"reference_url":"https://usn.ubuntu.com/7788-1/","reference_id":"USN-7788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/402282?format=json","purl":"pkg:apk/alpine/libmspack@0.8_alpha-r0?arch=aarch64&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libmspack@0.8_alpha-r0%3Farch=aarch64&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2018-18585"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jzc-r4s3-t7hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76531?format=json","vulnerability_id":"VCID-pmnq-db1b-dydr","summary":"chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18586.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18586.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18586","reference_id":"","reference_type":"","scores":[{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70036","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70077","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70085","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70068","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70055","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70079","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18586"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18586","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18586"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644216","reference_id":"1644216","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644216"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911639","reference_id":"911639","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911639"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/402282?format=json","purl":"pkg:apk/alpine/libmspack@0.8_alpha-r0?arch=aarch64&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libmspack@0.8_alpha-r0%3Farch=aarch64&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2018-18586"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmnq-db1b-dydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61721?format=json","vulnerability_id":"VCID-yv7x-1cfs-cybe","summary":"In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18584.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18584.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18584","reference_id":"","reference_type":"","scores":[{"value":"0.05833","scoring_system":"epss","scoring_elements":"0.90701","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05833","scoring_system":"epss","scoring_elements":"0.90714","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05833","scoring_system":"epss","scoring_elements":"0.90711","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05833","scoring_system":"epss","scoring_elements":"0.90709","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05833","scoring_system":"epss","scoring_elements":"0.90725","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18584"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18584","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18584"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644214","reference_id":"1644214","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644214"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911640","reference_id":"911640","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911640"},{"reference_url":"https://security.gentoo.org/glsa/201903-20","reference_id":"GLSA-201903-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2049","reference_id":"RHSA-2019:2049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2049"},{"reference_url":"https://usn.ubuntu.com/3814-1/","reference_id":"USN-3814-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-1/"},{"reference_url":"https://usn.ubuntu.com/3814-2/","reference_id":"USN-3814-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-2/"},{"reference_url":"https://usn.ubuntu.com/3814-3/","reference_id":"USN-3814-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3814-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/402282?format=json","purl":"pkg:apk/alpine/libmspack@0.8_alpha-r0?arch=aarch64&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libmspack@0.8_alpha-r0%3Farch=aarch64&distroversion=v3.17&reponame=community"}],"aliases":["CVE-2018-18584"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yv7x-1cfs-cybe"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libmspack@0.8_alpha-r0%3Farch=aarch64&distroversion=v3.17&reponame=community"}