VulnerableCode Package Details - pkg:deb/ubuntu/cabextract@1.3-1

Search for packages

Package details: pkg:deb/ubuntu/cabextract@1.3-1

Essentials
History (0)

purl	pkg:deb/ubuntu/cabextract@1.3-1

Next non-vulnerable version	1.6-1.1
Latest non-vulnerable version	1.6-1.1
Risk	3.1

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-324x-qevr-aaaq Aliases: CVE-2015-2060	cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.	1.6-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-a3zp-cm4d-aaah Aliases: CVE-2014-9556	Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.	1.6-1.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version