| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-18586 | 5.0 |
chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulner
|
05-08-2024 - 12:15 | 23-10-2018 - 02:29 | |
| CVE-2018-18584 | 4.3 |
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
|
25-10-2022 - 16:49 | 23-10-2018 - 02:29 | |
| CVE-2018-18585 | 4.3 |
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
|
25-10-2022 - 16:47 | 23-10-2018 - 02:29 | |
| CVE-2018-14682 | 6.8 |
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
|
26-04-2021 - 11:45 | 28-07-2018 - 23:29 | |
| CVE-2018-14681 | 6.8 |
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
|
26-04-2021 - 11:45 | 28-07-2018 - 23:29 | |
| CVE-2018-14680 | 4.3 |
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
|
26-04-2021 - 11:45 | 28-07-2018 - 23:29 | |
| CVE-2018-14679 | 4.3 |
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
|
26-04-2021 - 11:45 | 28-07-2018 - 23:29 |