In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:cabextract_project:cabextract:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"fixed": "1.8"
}
],
"vendor_product": "cabextract_project:cabextract",
"source": "CPE_RANGE"
},
{
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "12.04"
},
{
"last_affected": "12.04"
},
{
"introduced": "14.04"
},
{
"last_affected": "14.04"
},
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
},
{
"introduced": "18.04"
},
{
"last_affected": "18.04"
},
{
"introduced": "18.10"
},
{
"last_affected": "18.10"
}
],
"vendor_product": "canonical:ubuntu_linux",
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"vendor_product": "debian:debian_linux",
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"vendor_product": "redhat:enterprise_linux",
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"cpe:2.3:o:suse:linux_enterprise_server:12:ga:*:*:ltss:*:*:*",
"cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*",
"cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*"
],
"extracted_events": [
{
"introduced": "11-sp3"
},
{
"last_affected": "11-sp3"
},
{
"introduced": "12-ga"
},
{
"last_affected": "12-ga"
},
{
"introduced": "12-sp1"
},
{
"last_affected": "12-sp1"
},
{
"introduced": "12-sp2"
},
{
"last_affected": "12-sp2"
}
],
"vendor_product": "suse:linux_enterprise_server",
"source": "CPE_STRING"
}
]
}{
"cpe": [
"cpe:2.3:a:libmspack_project:libmspack:0.3:alpha:*:*:*:*:*:*",
"cpe:2.3:a:libmspack_project:libmspack:0.4:alpha:*:*:*:*:*:*",
"cpe:2.3:a:libmspack_project:libmspack:0.5:alpha:*:*:*:*:*:*",
"cpe:2.3:a:libmspack_project:libmspack:0.6:alpha:*:*:*:*:*:*",
"cpe:2.3:a:libmspack_project:libmspack:0.7:alpha:*:*:*:*:*:*",
"cpe:2.3:a:libmspack_project:libmspack:0.7.1:alpha:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0.3-alpha"
},
{
"last_affected": "0.3-alpha"
},
{
"introduced": "0.4-alpha"
},
{
"last_affected": "0.4-alpha"
},
{
"introduced": "0.5-alpha"
},
{
"last_affected": "0.5-alpha"
},
{
"introduced": "0.6-alpha"
},
{
"last_affected": "0.6-alpha"
},
{
"introduced": "0.7-alpha"
},
{
"last_affected": "0.7-alpha"
},
{
"introduced": "0.7.1-alpha"
},
{
"last_affected": "0.7.1-alpha"
}
],
"source": [
"CPE_STRING",
"REFERENCES"
]
}[
{
"source": "https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"158240116603677036819695488739621403627",
"269271669553547603752875556704960232567",
"37544086892789893982291370903966203759",
"169871899111443360361982281484202037437",
"257408676381020978427987901723890493853",
"293194494984887529254768129453583513323",
"143245517895524289051156808528142211988",
"161511177930475588070979568568117240902"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2018-18584-3cecbcbb",
"target": {
"file": "libmspack/mspack/cab.h"
}
}
]
"2026-07-08T14:15:00Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18584.json"