Vulnerabilities (CVE)

Filtered by vendor Libmspack Project Subscribe

Filtered by product Libmspack

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-18584	6 Cabextract Project, Canonical, Debian and 3 more	6 Cabextract, Ubuntu Linux, Debian Linux and 3 more	2021-05-12	4.3 MEDIUM	6.5 MEDIUM
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
CVE-2017-11423	2 Clamav, Libmspack Project	2 Clamav, Libmspack	2019-10-03	4.3 MEDIUM	5.5 MEDIUM
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.