oss-sec mailing list archives

Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode

From: Josh Bressers <bressers () redhat com>
Date: Mon, 2 Aug 2010 16:08:58 -0400 (EDT)

----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

Hi Steve, vendors,

   two security issues have been reported against cabextract:

1, Infinite loop in MS-ZIP and Quantum decoders (minor issue):

A deficiency has been reported in the way cabextract extracted certain
Cabinet (*.cab) files, using the MZ-ZIP and Quantum decompressors.  If a
local user was tricked into opening a specially-crafted *.cab file, it
could lead to infinite loop.


CVE-2010-2800

2, Integer wrap-around (crash) by processing certain *.cab files in
test archive mode

An integer wrap-around flaw has been reported in the way cabextract
processed certain Cabinet (*.cab) archive files. If a local user was
tricked into opening a specially-crafted *.cab archive in test archive
mode, it could lead to cabextract executable crash.


CVE-2010-2801


Thanks.

-- 
    JB

Current thread:

CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode Jan Lieskovsky (Aug 02)
- <Possible follow-ups>
- Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode Josh Bressers (Aug 02)
  - Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode Dan Rosenberg (Aug 02)
    - Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode Steven M. Christey (Aug 04)