RSS   Vulnerabilities for 'Limbspack'   RSS

2018-10-22
 
CVE-2018-18585

CWE-476
 

 
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

 
 
CVE-2018-18584

CWE-787
 

 
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

 

 >>> Vendor: Kyzer 2 Products
Limbspack
Libmspack


Copyright 2019, cxsecurity.com

 

Back to Top