CVE-2006-3178
chmlib - missing input sanitising
EPSS 2.1%
Description
Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename.
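The check an extractor needs before it writes an archive entry to disk, shown as an added example (this is not chmlib's code and not the upstream fix). The function names and the sample entry names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if an archive entry name stays inside the extraction directory
 * once appended to it, 0 otherwise. '/' and '\\' both count as separators. */
static int entry_name_is_safe(const char *name)
{
    const char *p = name;

    if (name == NULL || *name == '\0')
        return 0;
    while (*p != '\0') {
        size_t len;

        /* Skip separators, including the leading '/' of an entry path. */
        while (*p == '/' || *p == '\\')
            p++;
        len = strcspn(p, "/\\");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                 /* a ".." component walks upward */
        p += len;
    }
    return 1;
}

/* Join base_dir and the entry name into out. Returns 0 on success,
 * -1 if the name is rejected or the result does not fit in out. */
static int build_output_path(const char *base_dir, const char *name,
                             char *out, size_t out_len)
{
    int n;

    if (!entry_name_is_safe(name))
        return -1;
    while (*name == '/' || *name == '\\')
        name++;                       /* never treat the entry as absolute */
    n = snprintf(out, out_len, "%s/%s", base_dir, name);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample entry names, not taken from a real archive. */
    const char *names[] = { "/index.html", "/img/a..b.png",
                            "/../../etc/passwd", "/docs/..\\..\\x" };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-22s %s\n", names[i],
               build_output_path("out", names[i], path, sizeof path) == 0
                   ? path : "REJECTED");
    return 0;
}
```

The comparison is per path component, so a file name that merely contains two dots (`a..b.png`) is still extracted, while any component that is exactly `..` causes the entry to be skipped.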
How to fix CVE-2006-3178
To remediate CVE-2006-3178, upgrade the affected package to one of the fixed versions listed below.
- Debian/chmlib—upgrade to 0.38-1 or later
- Debian/chmlib—upgrade to 0.35-6sarge3 or later
Is CVE-2006-3178 being exploited?
Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.38-1
- from 0, < 0.35-6sarge3