VDB
GCVE-110-MAGEIA-2018-455
GCVE-110-MAGEIA-2018-455
Advisory Published
Hanno Böck discovered that libmspack incorrectly handled certain CHM
files. An attacker could possibly use this issue to cause a denial of
service (CVE-2018-14679, CVE-2018-14680).
Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ
files. An attacker could possibly use this issue to execute arbitrary
code (CVE-2018-14681).
Dmitry Glavatskikh discovered that libmspack incorrectly certain CHM
files. An attacker could possibly use this issue to execute arbitrary
code (CVE-2018-14682).
If a CAB file has a Quantum-compressed datablock with exactly 38912
compressed bytes, cabextract would write exactly one byte beyond its
input buffer (CVE-2018-18584).
libmspack didn't reject blank CHM filenames that are blank because they
have embedded null bytes, not just because they are zero-length
(CVE-2018-18585).
chmextract didn't protect from absolute/relative pathnames in CHM files
(CVE-2018-18586).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libmspack | 0.9.1-0.alpha.1.mga6 (unaffected), 0 (affected) | — |
| Mageia | cabextract | 0 (affected), 1.9-1.mga6 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.