libmspack is vulnerable to denial of service. The CAB block input buffer is one byte too small for the maximal Quantum block, which would allow an attacker to crash the application via an out-of-bounds write using a malicious CAB block input.
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
access.redhat.com/errata/RHSA-2019:2049
access.redhat.com/security/cve/cve-2018-18584
access.redhat.com/security/updates/classification/#moderate
bugs.debian.org/911640
github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
lists.debian.org/debian-lts-announce/2018/10/msg00017.html
packetstormsecurity.com/files/150310/Ubuntu-Security-Notice-USN-3814-3.html
security.gentoo.org/glsa/201903-20
usn.ubuntu.com/3814-1/
usn.ubuntu.com/3814-2/
usn.ubuntu.com/3814-3/
www.cabextract.org.uk/#changes
www.openwall.com/lists/oss-security/2018/10/22/1
www.starwindsoftware.com/security/sw-20181213-0001/
www.suse.com/security/cve/CVE-2018-18584/