Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 22 Oct 2018 08:17:35 +0200
From: Hanno Böck <>
Subject: Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8
 and libmspack 0.8 release)

New cabextract and libmspack fix a buffer overflow.
Notably libmspack is also used in clamav.

Forwarding the release notes here:


Hello all,

cabextract 1.8 has been released. It greatly improves its ability to 
extract damaged files with the "-f" option, and the cabinfo command has 
been rewritten.

It also fixes this bug:

* if a CAB file has a Quantum-compressed datablock with exactly 38912 
compressed bytes, cabextract will write exactly one byte beyond its 
input buffer.

cabextract can be downloaded from

SHA256 sums:


libmspack 0.8alpha has also been released.

It adds the new parameter MSCABD_PARAM_SALVAGE which permits salvaging 
badly damaged files rather than rejecting them outright.

It fixes several bugs:

* the above 38912-byte Quantum CAB block bug
* libmspack now also rejects blank CHM filenames that are blank because 
they have embedded null bytes, not just because they are zero-length
* chmextract now protects you from absolute/relative pathnames in CHM

libmspack can be downloaded from

SHA256 sum:


If you wish to patch an older version, please look at commits |8759da8, 
||7cadd48 and ||40ef1b4 in the git repository.|


Hanno Böck

GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.