CVE-2014-9732
Published: 11 June 2015
The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.
From the Ubuntu Security Team
It was discovered that cabextract incorrectly handled certain malformed CAB files. An attacker could use this issue to cause cabextract to crash, resulting in a denial of service.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
cabextract Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| cosmic |
Not vulnerable
|
|
| disco |
Not vulnerable
|
|
| eoan |
Not vulnerable
|
|
| focal |
Not vulnerable
|
|
| groovy |
Not vulnerable
|
|
| hirsute |
Not vulnerable
|
|
| impish |
Not vulnerable
|
|
| jammy |
Not vulnerable
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(1.4-4ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(1.6-1)
|
|
| xenial |
Not vulnerable
|
|
|
libmspack Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
|
| bionic |
Not vulnerable
|
|
| cosmic |
Not vulnerable
|
|
| disco |
Not vulnerable
|
|
| eoan |
Not vulnerable
|
|
| focal |
Not vulnerable
|
|
| groovy |
Not vulnerable
|
|
| hirsute |
Not vulnerable
|
|
| impish |
Not vulnerable
|
|
| jammy |
Not vulnerable
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(0.4-1ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(0.5-1)
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Not vulnerable
(0.5-1)
|
|
| wily |
Not vulnerable
|
|
| xenial |
Not vulnerable
|
|
| yakkety |
Not vulnerable
|
|
| zesty |
Not vulnerable
|