Mandriva Linux Security Advisory 2010-154 - The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service via a malformed MSZIP archive in a.cab file during a test or extract action, related to the libmspack library. Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Quantum archive in a.cab file, related to the libmspack library.
5775cf5a59b68bf6c5e86d95e8af6b745f6d8d5c40044b4140453a304c65c365