Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556
Reference (s):
- http://advisories.mageia.org/MGASA-2015-0052.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773041
- MANDRIVA:MDVSA-2015:041
- URL: http://www.mandriva.com/security/advisories?name=MDVSA-2015:041
- MLIST:[oss-security] 20150101 CVE Request: libmspack: frame_end overflow which could cause infinite loop