Candidate: CVE-2014-9556
PublicDate: 2015-02-03 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556
Description:
 Integer overflow in the qtmd_decompress function in libmspack 0.4 allows
 remote attackers to cause a denial of service (hang) via a crafted CAB
 file, which triggers an infinite loop.
Ubuntu-Description:
 It was discovered that cabextract incorrectly handled certain malformed
 CAB files. An attacker could use this issue to cause cabextract to hang,
 resulting in a denial of service.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772891
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773041
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_cabextract:
upstream_cabextract: released (1.4-5)
lucid_cabextract: ignored (reached end-of-life)
precise_cabextract: ignored (reached end-of-life)
precise/esm_cabextract: DNE (precise was needed)
trusty_cabextract: ignored (out of standard support)
trusty/esm_cabextract: needed
utopic_cabextract: ignored (reached end-of-life)
vivid_cabextract: ignored (reached end-of-life)
vivid/stable-phone-overlay_cabextract: DNE
vivid/ubuntu-core_cabextract: DNE
wily_cabextract: ignored (reached end-of-life)
xenial_cabextract: not-affected (1.6-1)
yakkety_cabextract: ignored (reached end-of-life)
zesty_cabextract: ignored (reached end-of-life)
artful_cabextract: ignored (reached end-of-life)
bionic_cabextract: not-affected (1.6-1.1)
cosmic_cabextract: not-affected (1.6-1.1)
disco_cabextract: not-affected (1.6-1.1)
eoan_cabextract: not-affected (1.6-1.1)
focal_cabextract: not-affected (1.6-1.1)
groovy_cabextract: not-affected (1.6-1.1)
hirsute_cabextract: not-affected (1.6-1.1)
impish_cabextract: not-affected (1.6-1.1)
jammy_cabextract: not-affected (1.6-1.1)
devel_cabextract: not-affected (1.6-1.1)

Patches_libmspack:
upstream_libmspack: released (0.4-2)
lucid_libmspack: DNE
precise_libmspack: DNE
precise/esm_libmspack: DNE
trusty_libmspack: ignored (reached end-of-life)
trusty/esm_libmspack: DNE (trusty was needed)
utopic_libmspack: ignored (reached end-of-life)
vivid_libmspack: not-affected (0.4-3)
vivid/stable-phone-overlay_libmspack: DNE
vivid/ubuntu-core_libmspack: DNE
wily_libmspack: not-affected (0.4-3)
xenial_libmspack: not-affected (0.4-3)
esm-infra/xenial_libmspack: not-affected (0.4-3)
yakkety_libmspack: not-affected (0.4-3)
zesty_libmspack: not-affected (0.4-3)
artful_libmspack: not-affected (0.4-3)
bionic_libmspack: not-affected (0.4-3)
cosmic_libmspack: not-affected (0.4-3)
disco_libmspack: not-affected (0.4-3)
eoan_libmspack: not-affected (0.4-3)
focal_libmspack: not-affected (0.4-3)
groovy_libmspack: not-affected (0.4-3)
hirsute_libmspack: not-affected (0.4-3)
impish_libmspack: not-affected (0.4-3)
jammy_libmspack: not-affected (0.4-3)
devel_libmspack: not-affected (0.4-3)