Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/rar@2:7.01-1~deb12u1?distro=trixie
purl pkg:deb/debian/rar@2:7.01-1~deb12u1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (7)
Vulnerability Summary Aliases
VCID-b8js-x7uu-wka5 Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number. CVE-2007-3726
VCID-cnah-rewa-vfe5 Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive. CVE-2014-9983
VCID-gjr1-fc83-dfe6 An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution. CVE-2022-30333
VCID-gkjf-x8s7-57dn RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences. CVE-2024-33899
VCID-m2ca-cwwa-mqcc RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. CVE-2025-6218
VCID-pu5p-qncp-nyb9 RAR and UnRAR contain a buffer overflow allowing the execution of arbitrary code. CVE-2007-0855
VCID-xz6c-axe8-8qbn An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution. CVE-2023-40477

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:55:58.867948+00:00 Debian Importer Fixing VCID-pu5p-qncp-nyb9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:54:45.442847+00:00 Debian Importer Fixing VCID-b8js-x7uu-wka5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:19:56.418165+00:00 Debian Importer Fixing VCID-xz6c-axe8-8qbn https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:59:43.917539+00:00 Debian Importer Fixing VCID-cnah-rewa-vfe5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:04:39.004486+00:00 Debian Importer Fixing VCID-gjr1-fc83-dfe6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:45:00.223555+00:00 Debian Importer Fixing VCID-m2ca-cwwa-mqcc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:52:52.699438+00:00 Debian Importer Fixing VCID-pu5p-qncp-nyb9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:51:55.931419+00:00 Debian Importer Fixing VCID-b8js-x7uu-wka5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:26:09.977866+00:00 Debian Importer Fixing VCID-xz6c-axe8-8qbn https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:11:28.338340+00:00 Debian Importer Fixing VCID-cnah-rewa-vfe5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:31:21.160184+00:00 Debian Importer Fixing VCID-gjr1-fc83-dfe6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:16:13.367355+00:00 Debian Importer Fixing VCID-m2ca-cwwa-mqcc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:51:51.141090+00:00 Debian Importer Fixing VCID-m2ca-cwwa-mqcc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:51.096636+00:00 Debian Importer Fixing VCID-gkjf-x8s7-57dn https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:51.041142+00:00 Debian Importer Fixing VCID-xz6c-axe8-8qbn https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:50.984732+00:00 Debian Importer Fixing VCID-gjr1-fc83-dfe6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:50.934511+00:00 Debian Importer Fixing VCID-cnah-rewa-vfe5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:50.884793+00:00 Debian Importer Fixing VCID-b8js-x7uu-wka5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:50.831733+00:00 Debian Importer Fixing VCID-pu5p-qncp-nyb9 https://security-tracker.debian.org/tracker/data/json 38.1.0