CVE-2010-2801

Published: Aug 9, 2010Modified: Apr 29, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.

Affected (9)

Products: Cabextract Project: Cabextract

Cabextract Project

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Cabextract Project Cabextract	Up to 1.2
Cabextract Project Cabextract	Version 0.1
Cabextract Project Cabextract	Version 0.2
Cabextract Project Cabextract	Version 0.3
Cabextract Project Cabextract	Version 0.4
Cabextract Project Cabextract	Version 0.5
Cabextract Project Cabextract	Version 0.6
Cabextract Project Cabextract	Version 1.0
Cabextract Project Cabextract	Version 1.1

Related CWEs

References (24)

http://bugs.gentoo.org/show_bug.cgi?id=329891

Source: secalert@redhat.com

http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113

Source: secalert@redhat.com

Patch

http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118

Source: secalert@redhat.com

Patch

http://marc.info/?l=oss-security&m=128076168623266&w=2

Source: secalert@redhat.com

http://marc.info/?l=oss-security&m=128077976522470&w=2

Source: secalert@redhat.com

http://www.cabextract.org.uk/#changes

Source: secalert@redhat.com

Patch

http://www.debian.org/security/2010/dsa-2087

Source: secalert@redhat.com

http://www.securityfocus.com/bid/42173

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/1903

Source: secalert@redhat.com

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/1997

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=620454

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/60891

Source: secalert@redhat.com

http://bugs.gentoo.org/show_bug.cgi?id=329891

Source: af854a3a-2127-422b-91ae-364da2661108

http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://marc.info/?l=oss-security&m=128076168623266&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=128077976522470&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.cabextract.org.uk/#changes

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.debian.org/security/2010/dsa-2087

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/42173

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1903

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/1997

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=620454

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/60891

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.