| Max CVSS | 5.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-18586 | 5.0 |
chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulner
|
05-08-2024 - 12:15 | 23-10-2018 - 02:29 | |
| CVE-2018-18584 | 4.3 |
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
|
25-10-2022 - 16:49 | 23-10-2018 - 02:29 | |
| CVE-2018-18585 | 4.3 |
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
|
25-10-2022 - 16:47 | 23-10-2018 - 02:29 |