Red Hat Bugzilla – Bug 620454
CVE-2010-2801 cabextract: Integer wrap-around (crash) by processing certain *.cab files in test archive mode
Last modified: 2015-08-22 12:07:41 EDT
An integer wrap-around flaw has been reported in the way cabextract
processed certain Cabinet (*.cab) archive files. If a local user was
tricked into opening a specially-crafted *.cab archive in test archive
mode, it could lead to cabextract executable crash.
This issue affects the versions of the cabextract package,
as shipped with Fedora release of 12 and 13.
Created cabextract tracking bugs for this issue
Affects: fedora-all [bug 620457]
The CVE identifier of CVE-2010-2801 has been assigned to this.
cabextract (together with wine and openoffice.org per libmspack upstream) should use the system-wide libmspack library instead of an embedded copy