Bug 1196146 (CVE-2014-9732) - CVE-2014-9732 cabextract: null pointer dereference on a crafted CAB
Summary: CVE-2014-9732 cabextract: null pointer dereference on a crafted CAB
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-9732
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1196148 1196149
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-02-25 11:43 UTC by Vasyl Kaigorodov
Modified: 2019-09-29 13:28 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-02 13:19:49 UTC
Embargoed:

Attachments (Terms of Use)

Description Vasyl Kaigorodov 2015-02-25 11:43:11 UTC 
Null pointer dereference on a crafted CAB was reported [1] in cabextract.
Reproducer file can be found at [1] as well.

$ gpg -d nullderef.cab.asc > nullderef.cab
$ cabextract -t nullderef.cab
nullderef.cab: WARNING; possible 1626 extra bytes at end of file.
Testing cabinet: nullderef.cab
   failed (error in CAB data format)
   failed (Success)
 E  failed (error in CAB data format)
Segmentation fault


Backtrace:
#0  0x00000000 in ?? ()
#1  0x0804e094 in cabd_extract (base=0x805b008, file=0x8063600, filename=0x8056643 "test") at mspack/cabd.c:1068
#2  0x080493b4 in process_cabinet (basename=0xffffd9b8 "nullderef.cab") at src/cabextract.c:467
#3  0x08048fc4 in main (argc=3, argv=0xffffd804) at src/cabextract.c:350

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774665
Comment 1 Vasyl Kaigorodov 2015-02-25 11:44:18 UTC 
Created cabextract tracking bugs for this issue:

Affects: fedora-all [bug 1196148]
Affects: epel-all [bug 1196149]
Comment 2 Rex Dieter 2015-12-02 13:19:49 UTC 
linked bugs confirmed fixed, closing
Note You need to log in before you can comment on or make changes to this bug.