CVE-2004-0916

EPSS 1.9%

cabextract - missing directory sanitising

Published: 1/27/2005Modified: 4/28/2026

Also known as:DEBIAN-CVE-2004-0916

Description

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.

Affected packages (2)

Debian/cabextractfrom 0, < 1.1-1
Debian/cabextractfrom 0, < 0.2-2b

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2004-0916