VulnerableCode Package Details - pkg:deb/debian/cabextract@1.4-3

Search for packages

Vulnerability	Summary	Fixed by
VCID-324x-qevr-aaaq Aliases: CVE-2015-2060	cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.	1.6-1 Affected by 0 other vulnerabilities.
VCID-4pxy-6rjv-aaae Aliases: CVE-2018-18584	In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.	1.4-5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-a3zp-cm4d-aaah Aliases: CVE-2014-9556	Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.	1.4-5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-324x-qevr-aaaq
Aliases:
CVE-2015-2060

cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.

1.6-1
Affected by 0 other vulnerabilities.

VCID-4pxy-6rjv-aaae
Aliases:
CVE-2018-18584

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

1.4-5
Affected by 1 other vulnerability.

VCID-a3zp-cm4d-aaah
Aliases:
CVE-2014-9556

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.

1.4-5
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T17:00:53.555199+00:00	Debian Oval Importer	Affected by	VCID-4pxy-6rjv-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T16:37:03.769432+00:00	Debian Oval Importer	Affected by	VCID-a3zp-cm4d-aaah	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:05:44.733176+00:00	Debian Oval Importer	Affected by	VCID-324x-qevr-aaaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T00:22:15.062129+00:00	Debian Oval Importer	Affected by	VCID-a3zp-cm4d-aaah	None	36.1.3
2025-06-20T23:57:20.135519+00:00	Debian Oval Importer	Affected by	VCID-4pxy-6rjv-aaae	None	36.1.3
2025-06-20T21:49:33.353622+00:00	Debian Oval Importer	Affected by	VCID-324x-qevr-aaaq	None	36.1.3
2025-06-08T12:55:45.945047+00:00	Debian Oval Importer	Affected by	VCID-a3zp-cm4d-aaah	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T12:43:07.451381+00:00	Debian Oval Importer	Affected by	VCID-4pxy-6rjv-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T09:45:56.551116+00:00	Debian Oval Importer	Affected by	VCID-4pxy-6rjv-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T09:22:39.988749+00:00	Debian Oval Importer	Affected by	VCID-a3zp-cm4d-aaah	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:00:36.806185+00:00	Debian Oval Importer	Affected by	VCID-324x-qevr-aaaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T17:45:04.238883+00:00	Debian Oval Importer	Affected by	VCID-a3zp-cm4d-aaah	None	36.1.0
2025-06-07T17:20:14.163880+00:00	Debian Oval Importer	Affected by	VCID-4pxy-6rjv-aaae	None	36.1.0
2025-06-07T15:12:41.031070+00:00	Debian Oval Importer	Affected by	VCID-324x-qevr-aaaq	None	36.1.0
2025-04-12T20:05:03.540701+00:00	Debian Oval Importer	Affected by	VCID-324x-qevr-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:43:00.521292+00:00	Debian Oval Importer	Affected by	VCID-a3zp-cm4d-aaah	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:29:56.969760+00:00	Debian Oval Importer	Affected by	VCID-4pxy-6rjv-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T08:18:15.050913+00:00	Debian Oval Importer	Affected by	VCID-4pxy-6rjv-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T07:54:56.188921+00:00	Debian Oval Importer	Affected by	VCID-a3zp-cm4d-aaah	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:32:32.788109+00:00	Debian Oval Importer	Affected by	VCID-324x-qevr-aaaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T16:21:16.756612+00:00	Debian Oval Importer	Affected by	VCID-a3zp-cm4d-aaah	None	36.0.0
2025-04-07T15:54:14.726940+00:00	Debian Oval Importer	Affected by	VCID-4pxy-6rjv-aaae	None	36.0.0
2025-04-07T13:44:23.217211+00:00	Debian Oval Importer	Affected by	VCID-324x-qevr-aaaq	None	36.0.0