Information on source package cabextract

Available versions

ReleaseVersion
jessie1.4-5
stretch1.6-1
buster1.9-1
bullseye1.9-3
sid1.9-3

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2015-2060vulnerable (no DSA)fixedfixedfixedfixedcabextract before 1.6 does not properly check for leading slashes when ...

Resolved issues

BugDescription
TEMP-0000000-A4F3DEInvalid read in create_output_name
TEMP-0000000-970209Invalid read in ensure_filepath
CVE-2018-18584In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8 ...
CVE-2014-9556Integer overflow in the qtmd_decompress function in libmspack 0.4 allo ...
CVE-2010-2801Integer signedness error in the Quantum decompressor in cabextract bef ...
CVE-2010-2800The MS-ZIP decompressor in cabextract before 1.3 allows remote attacke ...
CVE-2004-0916Directory traversal vulnerability in cabextract before 1.1 allows remo ...

Security announcements

DSA / DLADescription
DSA-2087-1cabextract - arbitrary code execution
DSA-574-1cabextract - missing directory sanitising

Search for package or bug name: Reporting problems