Search for packages
Package details: pkg:deb/debian/libclamunrar@0.102.3-0%2Bdeb9u1
purl pkg:deb/debian/libclamunrar@0.102.3-0%2Bdeb9u1
Next non-vulnerable version 0.103.10-1~deb11u1
Latest non-vulnerable version 0.103.10-1~deb11u1
Risk 7.8
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-w1x3-c3xc-aaab
Aliases:
CVE-2023-40477
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21233.
0.103.10-1~deb11u1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-xc7t-rzu4-aaap A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system. CVE-2019-1785
VCID-xkwu-ahuh-aaaj A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. CVE-2019-1798
VCID-z9ce-vj34-aaas A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos]. CVE-2012-6706

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T18:28:38.664473+00:00 Debian Oval Importer Fixing VCID-xc7t-rzu4-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:21:58.558137+00:00 Debian Oval Importer Fixing VCID-xkwu-ahuh-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T17:18:24.142474+00:00 Debian Oval Importer Affected by VCID-w1x3-c3xc-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:58:21.918480+00:00 Debian Oval Importer Fixing VCID-xkwu-ahuh-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:29:07.690500+00:00 Debian Oval Importer Fixing VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:11:28.863030+00:00 Debian Oval Importer Fixing VCID-xc7t-rzu4-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T00:05:41.854076+00:00 Debian Oval Importer Fixing VCID-xc7t-rzu4-aaap None 36.1.3
2025-06-20T22:44:59.330544+00:00 Debian Oval Importer Fixing VCID-z9ce-vj34-aaas None 36.1.3
2025-06-20T22:26:29.504994+00:00 Debian Oval Importer Fixing VCID-xkwu-ahuh-aaaj None 36.1.3
2025-06-08T12:55:47.585641+00:00 Debian Oval Importer Affected by VCID-w1x3-c3xc-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:40:12.975351+00:00 Debian Oval Importer Fixing VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:59:09.728541+00:00 Debian Oval Importer Fixing VCID-xc7t-rzu4-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:52:46.061496+00:00 Debian Oval Importer Fixing VCID-xkwu-ahuh-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T09:59:30.907434+00:00 Debian Oval Importer Affected by VCID-w1x3-c3xc-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:51:42.895755+00:00 Debian Oval Importer Fixing VCID-xkwu-ahuh-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:23:08.290385+00:00 Debian Oval Importer Fixing VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:17:16.504644+00:00 Debian Oval Importer Fixing VCID-xc7t-rzu4-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T17:28:28.293678+00:00 Debian Oval Importer Fixing VCID-xc7t-rzu4-aaap None 36.1.0
2025-06-07T16:08:55.384576+00:00 Debian Oval Importer Fixing VCID-z9ce-vj34-aaas None 36.1.0
2025-06-07T15:50:44.458894+00:00 Debian Oval Importer Fixing VCID-xkwu-ahuh-aaaj None 36.1.0
2025-04-12T18:43:01.978920+00:00 Debian Oval Importer Affected by VCID-w1x3-c3xc-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:26:57.724140+00:00 Debian Oval Importer Fixing VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:41:57.513678+00:00 Debian Oval Importer Fixing VCID-xc7t-rzu4-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:35:11.614677+00:00 Debian Oval Importer Fixing VCID-xkwu-ahuh-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T08:31:47.114754+00:00 Debian Oval Importer Affected by VCID-w1x3-c3xc-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:23:15.285655+00:00 Debian Oval Importer Fixing VCID-xkwu-ahuh-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:55:24.374541+00:00 Debian Oval Importer Fixing VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:48:19.923724+00:00 Debian Oval Importer Fixing VCID-xc7t-rzu4-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T16:02:55.685779+00:00 Debian Oval Importer Fixing VCID-xc7t-rzu4-aaap None 36.0.0
2025-04-07T14:40:11.898258+00:00 Debian Oval Importer Fixing VCID-z9ce-vj34-aaas None 36.0.0
2025-04-07T14:21:35.011217+00:00 Debian Oval Importer Fixing VCID-xkwu-ahuh-aaaj None 36.0.0
2024-11-29T13:49:47.303995+00:00 Debian Oval Importer Fixing VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-14T20:35:18.682774+00:00 Debian Oval Importer Fixing VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T12:14:16.928694+00:00 Debian Oval Importer Fixing VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1