In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
[
{
"signature_version": "v1",
"id": "CVE-2018-18584-3cecbcbb",
"source": "https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2",
"digest": {
"line_hashes": [
"158240116603677036819695488739621403627",
"269271669553547603752875556704960232567",
"37544086892789893982291370903966203759",
"169871899111443360361982281484202037437",
"257408676381020978427987901723890493853",
"293194494984887529254768129453583513323",
"143245517895524289051156808528142211988",
"161511177930475588070979568568117240902"
],
"threshold": 0.9
},
"deprecated": false,
"target": {
"file": "libmspack/mspack/cab.h"
},
"signature_type": "Line"
}
]