Vulnerabilities > Rarlab
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-03 | CVE-2017-14121 | NULL Pointer Dereference vulnerability in multiple products | The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. | 4.3 |
2017-09-03 | CVE-2017-14120 | Path Traversal vulnerability in multiple products | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | 5.0 |
2017-08-18 | CVE-2017-12942 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rarlab Unrar | libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. | 7.5 |
2017-08-18 | CVE-2017-12941 | Out-of-bounds Read vulnerability in Rarlab Unrar | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. | 7.5 |
2017-08-18 | CVE-2017-12940 | Out-of-bounds Read vulnerability in Rarlab Unrar | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. | 7.5 |
2017-08-18 | CVE-2017-12938 | Path Traversal vulnerability in Rarlab Unrar | UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . | 5.0 |
2017-06-22 | CVE-2012-6706 | Integer Overflow or Wraparound vulnerability in multiple products | A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. | 10.0 |
2017-06-04 | CVE-2014-9983 | Path Traversal vulnerability in Rarlab RAR | Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. | 4.3 |
2015-12-30 | CVE-2015-5663 | Permissions, Privileges, and Access Controls vulnerability in Rarlab Winrar 5.30 | The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user. | 3.7 |
2009-09-01 | CVE-2008-7144 | Remote Security vulnerability in WinRar | Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats. | 10.0 |