Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unrar vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-11190
unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote malicious users to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename.
Rarzilla Unrar-free 0.0.1
NA
CVE-2007-3726
Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote malicious users to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed nu...
Rarlab Unrar 3.70 Beta 3
9.8
CVSSv3
CVE-2012-6706
A VMSF_DELTA memory corruption exists in unrar prior to 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine prior to 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative va...
Sophos Threat Detection Engine
Rarlab Unrar
7.5
CVSSv3
CVE-2017-14120
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
5.5
CVSSv3
CVE-2017-14121
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
9.1
CVSSv3
CVE-2017-14122
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
NA
CVE-2007-3725
The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) prior to 0.91 allows user-assisted remote malicious users to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
Clam Anti-virus Clamav 0.24
Clam Anti-virus Clamav 0.20
Clam Anti-virus Clamav 0.84
Clam Anti-virus Clamav 0.80
Clam Anti-virus Clamav 0.84 Rc1
Clam Anti-virus Clamav 0.15
Clam Anti-virus Clamav 0.90
Clam Anti-virus Clamav 0.80 Rc3
Clam Anti-virus Clamav 0.80 Rc4
Clam Anti-virus Clamav 0.65
Clam Anti-virus Clamav 0.75
Clam Anti-virus Clamav 0.68
Clam Anti-virus Clamav 0.71
Clam Anti-virus Clamav 0.88.3
Clam Anti-virus Clamav 0.88.7
Clam Anti-virus Clamav 0.86.1
Clam Anti-virus Clamav 0.82
Clam Anti-virus Clamav 0.88.1
Clam Anti-virus Clamav 0.73
Clam Anti-virus Clamav 0.72
Clam Anti-virus Clamav 0.85.1
Clam Anti-virus Clamav 0.87
1 EDB exploit
NA
CVE-2008-1568
comix 3.6.4 allows malicious users to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.
Comix Comix 3.6.4
8.8
CVSSv3
CVE-2023-49102
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability onl...
Nzbget Nzbget 21.1
5.5
CVSSv3
CVE-2018-1000085
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR...
Clamav Clamav 0.99.3
Debian Debian Linux 7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 17.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »