Search for packages
Package details: pkg:deb/debian/cabextract@1.2-3%2Blenny1
purl pkg:deb/debian/cabextract@1.2-3%2Blenny1
Next non-vulnerable version 1.6-1
Latest non-vulnerable version 1.6-1
Risk 3.1
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-324x-qevr-aaaq
Aliases:
CVE-2015-2060
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
1.6-1
Affected by 0 other vulnerabilities.
VCID-4p44-7jvz-aaad
Aliases:
CVE-2010-2801
Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.
1.3-1
Affected by 3 other vulnerabilities.
VCID-4pxy-6rjv-aaae
Aliases:
CVE-2018-18584
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
1.4-5
Affected by 1 other vulnerability.
VCID-a3zp-cm4d-aaah
Aliases:
CVE-2014-9556
Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.
1.4-5
Affected by 1 other vulnerability.
VCID-qdsf-s4m4-aaag
Aliases:
CVE-2010-2800
The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.
1.3-1
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T17:00:53.550019+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:37:03.764934+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:00:01.188458+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:59:50.585295+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:05:44.730019+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T00:30:29.261850+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag None 36.1.3
2025-06-21T00:22:15.058091+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah None 36.1.3
2025-06-20T23:57:20.131294+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae None 36.1.3
2025-06-20T21:49:33.349067+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq None 36.1.3
2025-06-20T21:06:00.481097+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad None 36.1.3
2025-06-08T12:55:45.942012+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:43:07.447647+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T09:45:56.547518+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:22:39.985664+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:54:09.055386+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:53:58.761236+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:00:36.803139+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T17:53:08.541749+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag None 36.1.0
2025-06-07T17:45:04.235857+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah None 36.1.0
2025-06-07T17:20:14.160886+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae None 36.1.0
2025-06-07T15:12:41.027492+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq None 36.1.0
2025-06-07T14:31:57.314624+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad None 36.1.0
2025-04-12T20:58:32.614192+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:11:20.683062+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:05:03.530367+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:43:00.511297+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:29:56.959801+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T08:18:15.041001+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:54:56.179180+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:26:37.854527+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:26:27.288320+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:32:32.777597+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T16:29:53.020352+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag None 36.0.0
2025-04-07T16:21:16.745885+00:00 Debian Oval Importer Affected by VCID-a3zp-cm4d-aaah None 36.0.0
2025-04-07T15:54:14.715981+00:00 Debian Oval Importer Affected by VCID-4pxy-6rjv-aaae None 36.0.0
2025-04-07T13:44:23.205140+00:00 Debian Oval Importer Affected by VCID-324x-qevr-aaaq None 36.0.0
2025-04-07T13:04:04.797261+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad None 36.0.0
2024-11-27T19:42:21.367654+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T19:40:41.256719+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-13T12:10:21.726691+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T12:09:43.354366+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-20T23:12:43.856798+00:00 Debian Oval Importer Affected by VCID-4p44-7jvz-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T23:12:38.814500+00:00 Debian Oval Importer Affected by VCID-qdsf-s4m4-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1