In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
{ "vanir_signatures": [ { "deprecated": false, "id": "CVE-2018-18584-3cecbcbb", "signature_version": "v1", "digest": { "line_hashes": [ "158240116603677036819695488739621403627", "269271669553547603752875556704960232567", "37544086892789893982291370903966203759", "169871899111443360361982281484202037437", "257408676381020978427987901723890493853", "293194494984887529254768129453583513323", "143245517895524289051156808528142211988", "161511177930475588070979568568117240902" ], "threshold": 0.9 }, "signature_type": "Line", "target": { "file": "libmspack/mspack/cab.h" }, "source": "https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2" } ] }