CVE-2017-14122

Published: 03 September 2017

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.

From the Ubuntu security team

It was discovered that UnRAR mishandled specially crafted RAR archives. An attacker could use this vulnerability to cause a denial of service (crash) or possibly leak sensitive information.

Priority

Medium

CVSS 3 base score: 9.1

Status

Package: unrar-free (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (1:0.0.1+cvs20140707-4)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (1:0.0.1+cvs20140707-4)
Ubuntu 16.04 ESM (Xenial Xerus): Released (1:0.0.1+cvs20140707-4~build0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was needed)