Search for packages
Package details: pkg:deb/debian/cabextract@1.2-2
purl pkg:deb/debian/cabextract@1.2-2
Next non-vulnerable version 1.6-1
Latest non-vulnerable version 1.6-1
Risk 3.1
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-324x-qevr-aaaq
Aliases:
CVE-2015-2060
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
1.6-1
Affected by 0 other vulnerabilities.
VCID-4p44-7jvz-aaad
Aliases:
CVE-2010-2801
Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.
1.3-1
Affected by 3 other vulnerabilities.
VCID-4pxy-6rjv-aaae
Aliases:
CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
1.4-5
Affected by 1 other vulnerability.
VCID-a3zp-cm4d-aaah
Aliases:
CVE-2014-9556
Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.
1.4-5
Affected by 1 other vulnerability.
VCID-qdsf-s4m4-aaag
Aliases:
CVE-2010-2800
The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.
1.3-1
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T17:00:53.547926+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:37:03.762725+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:00:01.185999+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:59:50.583010+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:05:44.728302+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T00:30:29.259033+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag None 36.1.3
2025-06-21T00:22:15.056100+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah None 36.1.3
2025-06-20T23:57:20.129189+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae None 36.1.3
2025-06-20T21:49:33.346801+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq None 36.1.3
2025-06-20T21:06:00.478897+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad None 36.1.3
2025-06-08T12:55:45.940494+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:43:07.446016+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T09:45:56.545669+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:22:39.984146+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:54:09.053886+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:53:58.759728+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:00:36.801663+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T17:53:08.540100+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag None 36.1.0
2025-06-07T17:45:04.234322+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah None 36.1.0
2025-06-07T17:20:14.159371+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae None 36.1.0
2025-06-07T15:12:41.025715+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq None 36.1.0
2025-06-07T14:31:57.313120+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad None 36.1.0
2025-04-12T20:58:32.609345+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:11:20.678129+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:05:03.525360+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:43:00.506250+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:29:56.954822+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T08:18:15.035955+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:54:56.174224+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:26:37.849604+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:26:27.283013+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:32:32.772313+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T16:29:53.015456+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag None 36.0.0
2025-04-07T16:21:16.740508+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah None 36.0.0
2025-04-07T15:54:14.710680+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae None 36.0.0
2025-04-07T13:44:23.199536+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq None 36.0.0
2025-04-07T13:04:04.792384+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad None 36.0.0
2024-11-27T19:42:21.362663+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T19:40:41.251940+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-13T12:10:21.721918+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T12:09:43.349619+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-20T23:12:43.851616+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T23:12:38.808272+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1