CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode

[Jan Lieskovsky <jlieskov () redhat com>]

Hi Steve, vendors,

  two security issues have been reported against cabextract:

1, Infinite loop in MS-ZIP and Quantum decoders (minor issue):

A deficiency has been reported in the way cabextract extracted
certain Cabinet (*.cab) files, using the MZ-ZIP and Quantum decompressors.
If a local user was tricked into opening a specially-crafted *.cab
file, it could lead to infinite loop.

References:
  [1] http://bugs.gentoo.org/show_bug.cgi?id=329891

Upstream patches:
  [2] http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=90
  [3] http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95
  [4] http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/

2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode

An integer wrap-around flaw has been reported in the way cabextract processed
certain Cabinet (*.cab) archive files. If a local user was tricked into opening
a specially-crafted *.cab archive in test archive mode, it could lead to cabextract
executable crash.

References:
  [1] http://bugs.gentoo.org/show_bug.cgi?id=329891

Upstream patches:
  [2] http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113
  [3] http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118

Could you allocate CVE ids for these?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team