QwikSec

Security Database

CVE

CWE

Training

CVE-2010-2801

Published: Aug 6, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118

x_refsource_CONFIRM

[oss-security] 20100802 CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode

mailing-list

x_refsource_MLIST

http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113

x_refsource_CONFIRM

[oss-security] 20100802 Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode

mailing-list

x_refsource_MLIST

http://www.cabextract.org.uk/#changes

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

http://bugs.gentoo.org/show_bug.cgi?id=329891

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=620454

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

cabextract-archive-code-execution(60891)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.