CVE-2018-5345

Related Files

Red Hat Security Advisory 2018-0350-01

Posted Feb 26, 2018

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0350-01 - The gcab package contains a utility for managing the Cabinet archives. It can list, extract, and create Microsoft cabinet files. Security Fix: gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution.

tags | advisory, arbitrary, code execution

systems | linux, redhat

advisories | CVE-2018-5345

SHA-256 | 8f5c047a0dadbbe6391693ce574c81f5df12b643260849f79b81ba79213ad986

Download | Favorite | View

Debian Security Advisory 4095-1

Posted Jan 25, 2018

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4095-1 - It was discovered that gcab, a Microsoft Cabinet file manipulation tool, is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running gcab, if a specially crafted .cab file is processed.

tags | advisory, overflow, arbitrary

systems | linux, debian

advisories | CVE-2018-5345

SHA-256 | dfa532932e13a776dca5af3f55fc32e49f8dea989a0190702c95a8b7cfce1984

Download | Favorite | View

Ubuntu Security Notice USN-3546-1

Posted Jan 25, 2018

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3546-1 - Richard Hughes discovered that gcab incorrectly handled certain malformed cabinet files. If a user or automated system were tricked into opening a specially crafted cabinet file, a remote attacker could use this issue to cause gcab to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2018-5345

SHA-256 | 90e1f46c4504300c777f3906f50d5fed96efa57806ead16f085f722fcc29d945

Download | Favorite | View