Known Vulnerabilities for products from Rarlab
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Rarlab".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-25018 | UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from Quick... | 7.8 - HIGH | 2021-07-01 | 2021-07-07 |
| CVE-2018-20253 | In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of a crafted LHA... | 7.8 - HIGH | 2019-02-13 | 2019-10-09 |
| CVE-2018-20252 | In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE a... | 7.8 - HIGH | 2019-02-05 | 2019-10-09 |
| CVE-2018-20251 | In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the... | 5.5 - MEDIUM | 2019-02-05 | 2019-10-09 |
| CVE-2018-20250 | In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the... | 7.8 - HIGH | 2019-02-05 | 2019-10-09 |
| CVE-2017-20006 | UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract:... | 7.8 - HIGH | 2021-07-01 | 2021-07-07 |
| CVE-2017-14122 | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and ... | 9.1 - CRITICAL | 2017-09-03 | 2021-02-25 |
| CVE-2017-14121 | The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference ... | 5.5 - MEDIUM | 2017-09-03 | 2021-10-18 |
| CVE-2017-14120 | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of ... | 7.5 - HIGH | 2017-09-03 | 2021-02-25 |
| CVE-2017-12942 | libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. | 9.8 - CRITICAL | 2017-08-18 | 2018-06-16 |
| CVE-2017-12941 | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. | 9.8 - CRITICAL | 2017-08-18 | 2018-06-16 |
| CVE-2017-12940 | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader1... | 9.8 - CRITICAL | 2017-08-18 | 2018-06-16 |
| CVE-2017-12938 | UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symli... | 7.5 - HIGH | 2017-08-18 | 2017-08-29 |
| CVE-2015-5663 | The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file w... | 7.4 - HIGH | 2015-12-30 | 2016-12-06 |
| CVE-2014-9983 | Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained ... | 5.5 - MEDIUM | 2017-06-04 | 2017-06-12 |
| CVE-2012-6706 | A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine bef... | 9.8 - CRITICAL | 2017-06-22 | 2018-10-21 |
| CVE-2008-7144 | Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (... | 10 - HIGH | 2009-09-01 | 2017-08-17 |
| CVE-2007-3726 | Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR an... | 4.3 - MEDIUM | 2007-07-12 | 2018-10-15 |
| CVE-2007-0855 | Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote ... | 6.8 - MEDIUM | 2007-02-08 | 2017-07-29 |
| CVE-2006-3912 | Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact. | 2.1 - LOW | 2006-07-28 | 2017-10-19 |