QwikSec

Security Database

CVE

CWE

Training

CVE-2018-18586

Published: Oct 23, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2018/10/22/1

x_refsource_MISC

https://bugs.debian.org/911639

x_refsource_MISC

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.