Search for packages
Package details: pkg:deb/debian/cabextract@1.3-1
purl pkg:deb/debian/cabextract@1.3-1
Next non-vulnerable version 1.6-1
Latest non-vulnerable version 1.6-1
Risk 3.1
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-324x-qevr-aaaq
Aliases:
CVE-2015-2060
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
1.6-1
Affected by 0 other vulnerabilities.
VCID-4pxy-6rjv-aaae
Aliases:
CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
1.4-5
Affected by 1 other vulnerability.
VCID-a3zp-cm4d-aaah
Aliases:
CVE-2014-9556
Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.
1.4-5
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-4p44-7jvz-aaad Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library. CVE-2010-2801
VCID-qdsf-s4m4-aaag The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library. CVE-2010-2800

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T17:00:53.552629+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:37:03.767119+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:00:01.191277+00:00 Debian Oval Importer Fixing VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:59:50.587830+00:00 Debian Oval Importer Fixing VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:05:44.731623+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T00:30:29.263916+00:00 Debian Oval Importer Fixing VCID-qdsf-s4m4-aaag None 36.1.3
2025-06-21T00:22:15.060046+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah None 36.1.3
2025-06-20T23:57:20.133404+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae None 36.1.3
2025-06-20T21:49:33.351316+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq None 36.1.3
2025-06-20T21:06:00.483216+00:00 Debian Oval Importer Fixing VCID-4p44-7jvz-aaad None 36.1.3
2025-06-08T12:55:45.943550+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:43:07.449523+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T09:45:56.549301+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:22:39.987209+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:54:09.056911+00:00 Debian Oval Importer Fixing VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:53:58.762791+00:00 Debian Oval Importer Fixing VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:00:36.804668+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T17:53:08.543320+00:00 Debian Oval Importer Fixing VCID-qdsf-s4m4-aaag None 36.1.0
2025-06-07T17:45:04.237386+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah None 36.1.0
2025-06-07T17:20:14.162382+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae None 36.1.0
2025-06-07T15:12:41.029286+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq None 36.1.0
2025-06-07T14:31:57.325653+00:00 Debian Oval Importer Fixing VCID-4p44-7jvz-aaad None 36.1.0
2025-04-12T20:58:32.619157+00:00 Debian Oval Importer Fixing VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:11:20.687980+00:00 Debian Oval Importer Fixing VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:05:03.535432+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:43:00.516299+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:29:56.964853+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T08:18:15.045987+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:54:56.184108+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:26:37.859524+00:00 Debian Oval Importer Fixing VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:26:27.293422+00:00 Debian Oval Importer Fixing VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:32:32.782873+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T16:29:53.025175+00:00 Debian Oval Importer Fixing VCID-qdsf-s4m4-aaag None 36.0.0
2025-04-07T16:21:16.751273+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah None 36.0.0
2025-04-07T15:54:14.721333+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae None 36.0.0
2025-04-07T13:44:23.210590+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq None 36.0.0
2025-04-07T13:04:04.802057+00:00 Debian Oval Importer Fixing VCID-4p44-7jvz-aaad None 36.0.0
2024-11-27T19:42:21.372656+00:00 Debian Oval Importer Fixing VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T19:40:41.261807+00:00 Debian Oval Importer Fixing VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-13T12:10:21.731389+00:00 Debian Oval Importer Fixing VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T12:09:43.359159+00:00 Debian Oval Importer Fixing VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-20T23:12:43.862101+00:00 Debian Oval Importer Fixing VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T23:12:38.820681+00:00 Debian Oval Importer Fixing VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1