Hello all,
cabextract 1.5 and libmspack 0.5alpha have been released.
The main changes are fixes in handling invalid files, which were
found by Debian researchers using the American fuzzy lop (afl) tool.
- CVE-2014-9556: A CAB file with invalid file offset or length
(where offset + length == 2^32) causes an infinite loop in the
Quantum decoder on 32-bit architectures. [Debian bugs #772891,
#773041]
- A CAB file with two folders, the second folder invalid, and a
file decompression order of folder 1, 2, 1, causes execution to
jump to NULL. [Debian bugs #773659, #774665]
- A CHM file with reset interval of zero causes division by
zero. [Debian bug #774725]
- A CHM file with invalid name lengths in PGML/PGMI blocks
causes over-read and segfaults on 32-bit architectures. [Debian
bugs #774726, #775687]
- A CAB file with MSZIP-compressed data and a distance code of
30 causes a 1-byte over-read. [Debian bug #775498]
- A CAB file with zero-length filenames causes a 1 byte
over-read.
- A CAB file with invalid UTF-8 encoded filenames causes
over-read of up to 5 bytes.
- A CAB or CHM file with LZX-compressed data ending early during
an odd-sized uncompressed block can cause a 1-byte under-read.
[Debian bug #775499]
These issues have been fixed.
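As an added illustration (not libmspack's own code), the check pattern behind the first item: on a 32-bit build, offset + length wraps to 0 when the sum is exactly 2^32, so an additive bounds check accepts an out-of-range entry while a subtractive check rejects it; simple guards for the reset-interval and distance-code cases follow the same idea. Function names and sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustration only: uint32_t models a 32-bit size_t. Not libmspack code. */

/* Wrapping check: offset + length is reduced modulo 2^32, so when the sum
 * is exactly 2^32 the end becomes 0 and the comparison wrongly passes. */
int range_ok_wrapping(uint32_t offset, uint32_t length, uint32_t file_size) {
    uint32_t end = offset + length;   /* wraps to 0 for offset + length == 2^32 */
    return end <= file_size;
}

/* Overflow-safe check: never forms offset + length; subtract instead. */
int range_ok_safe(uint32_t offset, uint32_t length, uint32_t file_size) {
    if (offset > file_size)
        return 0;
    return length <= file_size - offset;
}

/* A CHM reset interval is used as a divisor; reject zero before dividing. */
int reset_interval_ok(uint32_t reset_interval) {
    return reset_interval != 0;
}

/* Deflate (MSZIP) distance codes 30 and 31 are reserved (RFC 1951, 3.2.5). */
int deflate_distance_code_ok(unsigned code) {
    return code < 30;
}

int main(void) {
    /* Constructed sample: offset + length == 2^32 against a 4 KiB file. */
    uint32_t off = 0xFFFFFF00u, len = 0x100u, size = 0x1000u;
    printf("wrapping check accepts: %d\n", range_ok_wrapping(off, len, size)); /* 1 */
    printf("safe check accepts:     %d\n", range_ok_safe(off, len, size));     /* 0 */
    return 0;
}
```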
Additionally, cabextract and libmspack's
mschm_decompressor::fast_find now have more robust handling of
invalid UTF-8 encoded filenames, and the bundled extra script
wince_rename now creates files' install directories.
cabextract and libmspack can be downloaded from
http://www.cabextract.org.uk/
SHA256 sums:
Regards
Stuart