VulnerableCode Package Details - pkg:deb/ubuntu/cabextract@1.6-1

Search for packages

Package details: pkg:deb/ubuntu/cabextract@1.6-1

Essentials
History (0)

purl	pkg:deb/ubuntu/cabextract@1.6-1

Next non-vulnerable version	1.6-1.1
Latest non-vulnerable version	1.6-1.1
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-a3zp-cm4d-aaah Aliases: CVE-2014-9556	Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.	1.6-1.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-324x-qevr-aaaq	cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.	CVE-2015-2060

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version