Aggregates CVE and security vulnerability intelligence across all cabextract-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk input validation and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-14682 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. | [email protected] | 8.8 | 4.43% | 2018-07-28 | 2024-11-21 |
| CVE-2018-14681 | An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. | [email protected] | 8.8 | 4.43% | 2018-07-28 | 2024-11-21 |
| CVE-2018-14680 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. | [email protected] | 6.5 | 2.92% | 2018-07-28 | 2024-11-21 |
| CVE-2018-14679 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). | [email protected] | 6.5 | 0.99% | 2018-07-28 | 2024-11-21 |