Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unrar vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2017-11190
unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote malicious users to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename.
Rarzilla Unrar-free 0.0.1
383
VMScore
CVE-2007-3726
Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote malicious users to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed nu...
Rarlab Unrar 3.70 Beta 3
890
VMScore
CVE-2012-6706
A VMSF_DELTA memory corruption exists in unrar prior to 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine prior to 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative va...
Sophos Threat Detection Engine
Rarlab Unrar
445
VMScore
CVE-2017-14120
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
384
VMScore
CVE-2017-14121
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
570
VMScore
CVE-2017-14122
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
435
VMScore
CVE-2007-3725
The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) prior to 0.91 allows user-assisted remote malicious users to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
Clam Anti-virus Clamav 0.24
Clam Anti-virus Clamav 0.20
Clam Anti-virus Clamav 0.84
Clam Anti-virus Clamav 0.80
Clam Anti-virus Clamav 0.84 Rc1
Clam Anti-virus Clamav 0.15
Clam Anti-virus Clamav 0.90
Clam Anti-virus Clamav 0.80 Rc3
Clam Anti-virus Clamav 0.80 Rc4
Clam Anti-virus Clamav 0.65
Clam Anti-virus Clamav 0.75
Clam Anti-virus Clamav 0.68
Clam Anti-virus Clamav 0.71
Clam Anti-virus Clamav 0.88.3
Clam Anti-virus Clamav 0.88.7
Clam Anti-virus Clamav 0.86.1
Clam Anti-virus Clamav 0.82
Clam Anti-virus Clamav 0.88.1
Clam Anti-virus Clamav 0.73
Clam Anti-virus Clamav 0.72
Clam Anti-virus Clamav 0.85.1
Clam Anti-virus Clamav 0.87
1 EDB exploit
668
VMScore
CVE-2008-1568
comix 3.6.4 allows malicious users to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.
Comix Comix 3.6.4
NA
CVE-2023-49102
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability onl...
Nzbget Nzbget 21.1
383
VMScore
CVE-2018-1000085
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR...
Clamav Clamav 0.99.3
Debian Debian Linux 7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 17.10
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »