The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cabextract | Cabextract_project | * | 1.2 (including) |
| Cabextract | Cabextract_project | 0.1 (including) | 0.1 (including) |
| Cabextract | Cabextract_project | 0.2 (including) | 0.2 (including) |
| Cabextract | Cabextract_project | 0.3 (including) | 0.3 (including) |
| Cabextract | Cabextract_project | 0.4 (including) | 0.4 (including) |
| Cabextract | Cabextract_project | 0.5 (including) | 0.5 (including) |
| Cabextract | Cabextract_project | 0.6 (including) | 0.6 (including) |
| Cabextract | Cabextract_project | 1.0 (including) | 1.0 (including) |
| Cabextract | Cabextract_project | 1.1 (including) | 1.1 (including) |
| Cabextract | Ubuntu | dapper | * |
| Cabextract | Ubuntu | hardy | * |
| Cabextract | Ubuntu | jaunty | * |
| Cabextract | Ubuntu | karmic | * |
| Cabextract | Ubuntu | lucid | * |
| Cabextract | Ubuntu | upstream | * |