Unrated severityNVD Advisory· Published Aug 9, 2010· Updated Apr 29, 2026
CVE-2010-2801
CVE-2010-2801
Description
Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.
Affected products
9cpe:2.3:a:cabextract_project:cabextract:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:cabextract_project:cabextract:*:*:*:*:*:*:*:*range: <=1.2
- cpe:2.3:a:cabextract_project:cabextract:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cabextract_project:cabextract:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cabextract_project:cabextract:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cabextract_project:cabextract:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cabextract_project:cabextract:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:cabextract_project:cabextract:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:cabextract_project:cabextract:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cabextract_project:cabextract:1.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.cnvdPatch
- libmspack.svn.sourceforge.net/viewvc/libmspacknvdPatch
- www.cabextract.org.uknvdPatch
- www.vupen.com/english/advisories/2010/1903nvdPatchVendor Advisory
- www.vupen.com/english/advisories/2010/1997nvdVendor Advisory
- bugs.gentoo.org/show_bug.cginvd
- marc.infonvd
- marc.infonvd
- www.debian.org/security/2010/dsa-2087nvd
- www.securityfocus.com/bid/42173nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/60891nvd
News mentions
0No linked articles in our index yet.