Package cabextract updated to version 1.6-alt1 for branch sisyphus in task 158192.

Published: 2017-11-26

BDU:2020-01873

Уязвимость функции kwajd_read_headers библиотеки Libmspack и утилиты разархивации CAB-файлов СabExtract, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2018-14681

Published: 2018-07-29
Modified: 2024-11-21

CVE-2018-14679

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2018-07-29
Modified: 2024-11-21

CVE-2018-14680

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2018-07-29
Modified: 2024-11-21

CVE-2018-14681

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-07-29
Modified: 2024-11-21

CVE-2018-14682

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Package cabextract update in sisyphus on 2016-02-07

ALT-PU-2016-1082-1

Closed vulnerabilities

BDU:2020-01873

CVE-2018-14679

CVE-2018-14680

CVE-2018-14681

CVE-2018-14682