Stephen Kitt

#42312 of 53,635
6.4 Total CVSS
Vulnerabilities · 1
PT-2015-4712
6.4
2015-01-09
Gnome · Gcab · CVE-2015-0552
**Name of the Vulnerable Software and Affected Versions**

gcab version 0.4

**Description**

A directory traversal issue exists in the gcab folder extract function, allowing remote attackers to write to arbitrary files via a crafted path in a CAB file. This can be achieved by using a specially crafted path, such as "tmpmoo".

**Recommendations**

For gcab version 0.4, consider restricting access to the gcab folder extract function until a patch is available, or avoid using this function with untrusted CAB files to minimize the risk of exploitation.