{"id":"CVE-2018-18586","details":"chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application","modified":"2026-04-16T06:16:03.111662031Z","published":"2018-10-23T02:29:00.700Z","related":["SUSE-SU-2022:0069-1","SUSE-SU-2022:0069-2","SUSE-SU-2022:4287-1","openSUSE-SU-2022:0069-1","openSUSE-SU-2024:13619-1"],"references":[{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2018/10/22/1"},{"type":"ADVISORY","url":"https://bugs.debian.org/911639"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201903-20"},{"type":"EVIDENCE","url":"https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kyz/libmspack","events":[{"introduced":"0"},{"last_affected":"a22627dd5180e0ce9c558d0c10b174c760085f57"},{"introduced":"0"},{"last_affected":"164fb2d23a0894b726b72a047d34191d64a18104"},{"introduced":"0"},{"last_affected":"03296dd44347ab3111ba23b8e3945e2b537b6275"},{"introduced":"0"},{"last_affected":"a2b36d2f477a183c046b66c731936fa56eba53b4"},{"introduced":"0"},{"last_affected":"bc1010b120a987de3da053ba61870fcbecfbd112"},{"fixed":"7cadd489698be117c47efcadd742651594429e6d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.3-alpha"},{"introduced":"0"},{"last_affected":"0.4-alpha"},{"introduced":"0"},{"last_affected":"0.5-alpha"},{"introduced":"0"},{"last_affected":"0.6-alpha"},{"introduced":"0"},{"last_affected":"0.7-alpha"}]}}],"versions":["1.7","v0.0.20060920alpha","v0.3alpha","v0.4alpha","v0.5alpha","v0.6alpha","v0.7.1alpha","v0.7alpha","v1.0","v1.1","v1.2","v1.3","v1.4","v1.5"],"database_specific":{"vanir_signatures":[{"deprecated":false,"source":"https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d","target":{"file":"libmspack/src/chmextract.c"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["132217244909678999437045884994041631732","118486685220162301588933284659837502589","222615661882722935798674702194044547538","219466755054797721960266295314213546095","121151598458548409255316740935381343568","251794852627836227553566778864470334558","276386435241628830137813434249006767161","175017918290597721448889109973898583339","76346329143149834116510719185726473758","63418847592787521052761912317172777863","178541120143036453390048197284215582459","225241872322959364675261907169332432852","5687739501093445154981481862495263751","215127561223302871173399771134414929721","293357833663568891914347203216630066385","186174406741438164710290524819104471828","293306914388071824781965863647218258380","167691164685362533630025839601672666569","149824802092469499658294486183158614954","254789303695554541346853322408141944304","80947747128519016585894919489949934570","175320454547622884216682052703172976605","120624756470267526030997539398261046599","261759257982953005752840463689673345315","213928999277667040425900834898570427129","70005316954701892465692955578209039965","231195700645312976446011945221240415851","228196885841981192425952172150817854482","174304417751722594597093677375760400835","152355533426064100670146862363160293275","249762788559237212680438951250333340720","87411400792090358020183565937091936690","6744364880911807034699269934291871313","194583843208136331365198575948792565834","9780324754441355153589338133080765820","294642448661868398785201737223518408646","252457921278666985873737785292667935433","158867895338525521147741642841601864584","305130856208786088562017513659960910702","41904302489867191859186942943233399570","174398465214914042445324696526882070075","183320402960802003877949183047325896275","189508025214272293236424464960845164093","101928875653620123931473633201290476150","110114845122702344456797587701237160105","310776510053239329395433180738797107623","8489312533346179172916505379326312764","63079483386643476811183316788393478357","100537737846989771671509143207413508929","242837151747184648146970527131172575458","79920160273488118676337121161141022489","104268556886586718973627451693583341293","284563985493391703476617016659624302384","227524432114338156336445170894261347705","60636500522078535908579059062906699466","41015532848011598996548738304648322688","38050941284915674202415563781145260997","108765095596990967572773563646003538941","198336727089604421929377117405484585559","161681440077813729876365982894559509543","270424609327362527655435360931025506009","135647053476087047233109166941984931369","173861429623871299760377822238913944644","132669422380041523076200484778224511734","1309430708804111996759419706833211170","178450306176084823109919980947646734888","218810929613725555102614093969984362302","2296226440901098574089782012342800808","229337352905290427095117294339535507851","291655022682040911965606594361371420754","98969152067630238017861340398579647254","241015714968160062448308658251007238117","124076827736943902471002866881412944255","53344881501313825978030816336204935628","273555304606131816135686695310577248235","31175708583529425594189889907309991586","191041860770047005057657380764910146537"]},"id":"CVE-2018-18586-7505825f"},{"source":"https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d","deprecated":false,"target":{"file":"libmspack/src/chmextract.c","function":"main"},"signature_version":"v1","signature_type":"Function","digest":{"length":1269,"function_hash":"59135860739822885713181976095235092158"},"id":"CVE-2018-18586-bb60fb48"},{"deprecated":false,"source":"https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d","target":{"file":"libmspack/src/chmextract.c","function":"create_output_name"},"digest":{"length":1807,"function_hash":"241467629137614069631945326365599028761"},"signature_type":"Function","signature_version":"v1","id":"CVE-2018-18586-e6dab8e6"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18586.json","vanir_signatures_modified":"2026-04-11T11:39:42Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}