Free Software for extracting Microsoft cabinet files

cabextract is Free Software for extracting Microsoft cabinet files, also called .CAB files. It is distributed under the GNU GPL license and is based on the portable LGPL libmspack library.

cabextract supports all features and formats of Microsoft cabinet files and Windows CE installation files. It can also look inside other files for embedded cabinets.

Latest version

cabextract version 1.7 was released 25 July 2018. See the full list of changes.

Download cabextract 1.7 source

cabextract is also available pre-built for several platforms:

Linux packages

BSD packages

Mac OS X packages

Microsoft Windows™ packages

Other platforms

Old versions of cabextract are still available.

Installing cabextract

To install a packaged version of cabextract (e.g. for Debian, Ubuntu, the BSDs, Fink, Macports, Cygwin), follow that system's instructions.

To install the RPM, use the command rpm -i cabextract-1.7-1.i386.rpm

To install from the source code tarball:

$ tar zxf cabextract-1.7.tar.gz
$ cd cabextract-1.7
$ ./configure
$ make
# make install

More detailed instructions are included in the INSTALL file found in the cabextract-1.7 directory.

Using cabextract

Enter man cabextract to read the cabextract manual page. Also, running the cabextract command with the --help option gives a brief summary of usage.

In regular usage, just enter cabextract and the name of the cabinet or executable file you want to extract. cabextract will extract all files in all cabinets to the current directory, preserving any internal directory structure, file permissions and file dates. To list files rather than extract them, use the --list option. To test the archive integrity (doing the work of extracting the files, but not saving the results anywhere), use the --test option. This also prints the MD5 checksum of each file in the archive.

cabextract automatically searches files for embedded cabinets, and extracts all of them. If any multi-part cabinets are present, cabextract automatically searches for those parts and links them in. To suppress this behaviour, use the --single option.

cabextract can repair some kinds of corrupt cabinet files. Perhaps a better word for this is "salvage", as the corrupted data is lost forever. Using the --fix option, lost data will be replaced with zeroes, and cabextract will attempt to continue to later data blocks, which are hopefully not corrupt.

You can make cabextract extract files into a specific directory with the --directory option, and you can force extracted filenames to lowercase with the --lowercase option. You can control which files are extracted using the --filter option. For example, cabextract --filter '*.wav' will extract only '.wav' files from

Developing cabextract

You can get the current development version of cabextract from the libmspack github repository. Use the included script to build the project.

Changes in cabextract 1.7

  • cabextract now supports an --encoding parameter, to specify the character encoding of CAB filenames if they are not ASCII or UTF8
  • cabextract --lowercase now lowercases non-ASCII characters

Changes in cabextract 1.6

  • It was possible for cabinet files to extract to absolute file locations, and it was possible on Cygwin to get around cabextract's absolute and relative path protections by using backslashes. These issues have been fixed.

Security vulnerabilities in cabextract

This is a list of security vulnerabilities reported in cabextract, and the version(s) of cabextract they affect. You should upgrade to the latest version where possible. If you discover a security vulnerability in cabextract, please contact me immediately.

Vulnerability Affected
CVE-2015-2060: A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to an absolute path instead of the current directory. On Cygwin, a CAB file using both "/" and "\" can evade checks for absolute files and "../" directory traversals and can get its files extracted to any path < 1.6
CVE-2015-4471: A CAB file with LZX-compressed data ending early during an odd-sized uncompressed block can cause a 1 byte under-read, but no crash < 1.5
CVE-2015-4470: A CAB file with MSZIP-compressed data and a distance code of 30 causes a 1 byte over-read, but no crash < 1.5
CVE-2014-9732: A CAB file with two folders, the second folder invalid, and a file decompression order of folder 1, 2, 1, causes execution to jump to NULL < 1.5
CVE-2014-9556: On 32-bit architectures, a CAB file with invalid file offset or length (where offset + length == 2^32) causes an infinite loop in the Quantum decoder < 1.5
CVE-2010-2801: A CAB file can cause the Quantum decoder to write a small negative length for output. cabextract's --test mode interprets this as a large unsigned integer and reads most of the address space, causing a segfault 1.2
CVE-2010-2800: A CAB file that ends during an MS-ZIP uncompressed block causes an infinite loop in the MS-ZIP decoder < 1.3
CVE-2004-0916: A CAB file can use "../" in filenames to traverse directories < 1.1

Frequently Asked Questions

How can I extract this DATA1.CAB file?
There are two different "cabinet" file formats in popular use. Some are Microsoft cabinets, which can be unpacked with cabextract. Others are InstallShield cabinets, which come as files data1.hdr, Unpacking an InstallShield cabinet with cabextract gives the message WARNING; found InstallShield header. This is probably an InstallShield file. InstallShield cabinet files can be unpacked with unshield
How can I extract this .MSI file?
Windows Installer (MSI) files use a combination of file formats, including cabinet files. cabextract can see cabinet file headers embedded in the MSI file, so it appears you can extract it, but the embedded cabinet is not stored in sequential order, so you cannot. To unpack MSI files, I recommend lessmsi
Can I license cabextract for use in my non-GPL software?
Yes, you can. Contact me for further details. However, you may prefer to use libmspack, as it has been explicitly designed for reuse
Where can I get software to create Microsoft cabinet files?
You can use Microsoft's own CABARC.EXE or Rien Croonenborghs' LCAB. Future releases of libmspack will include a cabinet file creator. It is currently being designed


cabextract is written primarily by Stuart Caie. The Quantum decompressor was researched and implemented by Matthew Russotto. The fast Huffman table generator is taken from unlzx by Dave Tritscher.

Thanks to Dirk Stoecker for his great support, testing, and cabinet files when cabextract was first being developed.

Thanks to Eric Sharkey for Debian packaging and the original manual page.

Thanks to Katsumi Saito for the Japanese manual page.

Thanks to Apostolos Syropoulos, Ben Collver, Dagobert Michelsen, Marc Dequènes, Maxim Sovolev, Pawel Chwalowski, Robert Riebisch, Rudá Moura, Ryan Schmidt, Siarzhuk Zharski, Soos Peter, Stefan Dirsch, Thomas Klausner and Yaakov Selkowitz for packaging cabextract and libmspack for other operating systems.

Thanks to Alfonso Acosta, Alexander Cherepanov, Antoine Amanieux, Claus Rasmussen, Daniel Resare, David Banz, David Leonard, Denis Kroshin, Drew D'Addesio, Edward Sheldrake, Fernando Trias, Hanno Böck, Igor Glucksmann, Jae Jung, Jakub Wilk, James Henstridge, Jorge Lodos, Kevin O'Rourke, Larry Frieson, Michael Vidrevich, Michal Cihar, Mike Mohr, Moritz Barsnick, Nigel Horne, Patrice Dumas, Pavel Turbin, Sergei Trofimovich, Stefan Riegler, Tomasz Kojm and Ville Skyttä for their bug discoveries, fixes and enhancements to cabextract.

Thanks to Dominique Gallot, Marco Schindler, Paul Sokolovsky and Shaun Jackman for helping identify WinCE header components.

Thanks to Jonathan Forbes for creating LZX and other Amiga compression tools.

Finally, thanks to the many other people who have sent in email, suggestions and code.