Vulnerabilities > Rarlab

DATE CVE VULNERABILITY TITLE RISK
2021-07-01 CVE-2017-20006 Out-Of-Bounds Write vulnerability in Rarlab Unrar 5.6.1.2/5.6.1.3
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
network
rarlab CWE-787
6.8
2021-07-01 CVE-2018-25018 Out-Of-Bounds Write vulnerability in Rarlab Unrar 6.0.3
UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.
network
rarlab CWE-787
6.8
2019-02-13 CVE-2018-20253 Out-Of-Bounds Write vulnerability in Rarlab Winrar
In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats.
network
rarlab CWE-787
6.8
2019-02-05 CVE-2018-20252 Out-Of-Bounds Write vulnerability in Rarlab Winrar
In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats.
network
rarlab CWE-787
6.8
2019-02-05 CVE-2018-20251 Path Traversal vulnerability in Rarlab Winrar
In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format.
network
rarlab CWE-22
4.3
2019-02-05 CVE-2018-20250 Path Traversal vulnerability in Rarlab Winrar
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll).
network
rarlab CWE-22
6.8
2017-09-03 CVE-2017-14122 Out-Of-Bounds Read vulnerability in multiple products
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
network
low complexity
rarlab debian CWE-125
6.4
2017-09-03 CVE-2017-14121 Null Pointer Dereference vulnerability in multiple products
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a specially crafted RAR archive.
4.3
2017-09-03 CVE-2017-14120 Path Traversal vulnerability in multiple products
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
network
low complexity
rarlab debian CWE-22
5.0
2017-08-18 CVE-2017-12942 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rarlab Unrar
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
network
low complexity
rarlab CWE-119
7.5