Vulnerabilities > Rarlab
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-03 | CVE-2017-14122 | Out-of-bounds Read vulnerability in multiple products: unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. | 9.1 |
2017-09-03 | CVE-2017-14121 | NULL Pointer Dereference vulnerability in multiple products: The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. | 5.5 |
2017-09-03 | CVE-2017-14120 | Path Traversal vulnerability in multiple products: unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | 7.5 |
2017-08-18 | CVE-2017-12942 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rarlab Unrar 0.0.1/5.5.4/5.5.6: libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. | 9.8 |
2017-08-18 | CVE-2017-12941 | Out-of-bounds Read vulnerability in Rarlab Unrar 0.0.1/5.5.4/5.5.6: libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. | 9.8 |
2017-08-18 | CVE-2017-12940 | Out-of-bounds Read vulnerability in Rarlab Unrar 0.0.1/5.5.4/5.5.6: libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. | 9.8 |
2017-08-18 | CVE-2017-12938 | Path Traversal vulnerability in Rarlab Unrar 0.0.1/5.5.4/5.5.6: UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . | 7.5 |
2017-06-22 | CVE-2012-6706 | Integer Overflow or Wraparound vulnerability in multiple products: A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. | 9.8 |
2017-06-04 | CVE-2014-9983 | Path Traversal vulnerability in Rarlab RAR: Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. | 5.5 |
2015-12-30 | CVE-2015-5663 | Permissions, Privileges, and Access Controls vulnerability in Rarlab Winrar 5.30: The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user. | 7.4 |