Red Hat Bugzilla – Bug 620450
CVE-2010-2800 cabextract: Infinite loop in MS-ZIP and Quantum decoders
Last modified: 2016-03-04 06:00:04 EST
A deficiency has been reported in the way cabextract extracted
certain Cabinet (*.cab) files, using the MS-ZIP and Quantum decompressors.
If a local user was tricked into opening a specially-crafted *.cab
file, it could lead to an infinite loop.
This issue affects the versions of the cabextract package,
as shipped with Fedora releases 12 and 13.
Created cabextract tracking bugs for this issue
Affects: fedora-all [bug 620457]
The CVE identifier of CVE-2010-2800 has been assigned to this.
cabextract (together with wine and openoffice.org per libmspack upstream) should use the system-wide libmspack library instead of an embedded copy