5.1

CVE-2010-2801

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.03% 0.893
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://bugs.gentoo.org/show_bug.cgi?id=329891
http://marc.info/?l=oss-security&m=128076168623266&w=2
http://marc.info/?l=oss-security&m=128077976522470&w=2
http://www.cabextract.org.uk/#changes
Patch
http://www.vupen.com/english/advisories/2010/1903
Patch
Vendor Advisory
http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113
Patch
http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118
Patch
http://www.debian.org/security/2010/dsa-2087
http://www.securityfocus.com/bid/42173
http://www.vupen.com/english/advisories/2010/1997
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=620454
https://exchange.xforce.ibmcloud.com/vulnerabilities/60891