Red Hat Security Advisory 2018-0350-01 - The gcab package contains a utility for managing the Cabinet archives. It can list, extract, and create Microsoft cabinet files. Security Fix: gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution.
8f5c047a0dadbbe6391693ce574c81f5df12b643260849f79b81ba79213ad986
Debian Linux Security Advisory 4095-1 - It was discovered that gcab, a Microsoft Cabinet file manipulation tool, is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of the user running gcab, if a specially crafted .cab file is processed.
dfa532932e13a776dca5af3f55fc32e49f8dea989a0190702c95a8b7cfce1984
Ubuntu Security Notice 3546-1 - Richard Hughes discovered that gcab incorrectly handled certain malformed cabinet files. If a user or automated system were tricked into opening a specially crafted cabinet file, a remote attacker could use this issue to cause gcab to crash, resulting in a denial of service, or possibly execute arbitrary code.
90e1f46c4504300c777f3906f50d5fed96efa57806ead16f085f722fcc29d945