Null pointer dereference on a crafted CAB was reported [1] in cabextract. Reproducer file can be found at [1] as well.

$ gpg -d nullderef.cab.asc > nullderef.cab
$ cabextract -t nullderef.cab
nullderef.cab: WARNING; possible 1626 extra bytes at end of file.
Testing cabinet: nullderef.cab
  failed (error in CAB data format)
  failed (Success)
  E failed (error in CAB data format)
Segmentation fault

Backtrace:

#0  0x00000000 in ?? ()
#1  0x0804e094 in cabd_extract (base=0x805b008, file=0x8063600, filename=0x8056643 "test") at mspack/cabd.c:1068
#2  0x080493b4 in process_cabinet (basename=0xffffd9b8 "nullderef.cab") at src/cabextract.c:467
#3  0x08048fc4 in main (argc=3, argv=0xffffd804) at src/cabextract.c:350

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774665

Created cabextract tracking bugs for this issue:

Affects: fedora-all [bug 1196148]
Affects: epel-all [bug 1196149]

linked bugs confirmed fixed, closing