Search for packages
Package details: pkg:deb/debian/unrar-nonfree@1:5.2.7-0.1%2Bdeb8u1
purl pkg:deb/debian/unrar-nonfree@1:5.2.7-0.1%2Bdeb8u1
Next non-vulnerable version 1:7.1.6-1
Latest non-vulnerable version 1:7.1.6-1
Risk 10.0
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-1hu4-5cj9-aaap
Aliases:
CVE-2017-12940
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
1:5.6.6-1+deb10u1
Affected by 3 other vulnerabilities.
VCID-8dqg-p1qr-aaak
Aliases:
CVE-2018-25018
UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.
1:5.6.6-1+deb10u1
Affected by 3 other vulnerabilities.
VCID-bp4e-rpmg-aaad
Aliases:
CVE-2022-30333
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
1:5.6.6-1+deb10u1
Affected by 3 other vulnerabilities.
1:6.0.3-1+deb11u3
Affected by 1 other vulnerability.
VCID-fyqp-bqj9-aaaq
Aliases:
CVE-2017-12941
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
1:5.6.6-1+deb10u1
Affected by 3 other vulnerabilities.
VCID-pkqm-2dfr-aaak
Aliases:
CVE-2022-48579
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
1:6.0.3-1+deb11u3
Affected by 1 other vulnerability.
VCID-t6yj-dk46-aaah
Aliases:
CVE-2017-20006
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
1:5.6.6-1+deb10u1
Affected by 3 other vulnerabilities.
VCID-v4p2-8vhg-aaac
Aliases:
CVE-2017-12942
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
1:5.6.6-1+deb10u1
Affected by 3 other vulnerabilities.
VCID-vxxz-hdyh-aaar
Aliases:
CVE-2017-12938
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
1:5.6.6-1+deb10u1
Affected by 3 other vulnerabilities.
VCID-w1x3-c3xc-aaab
Aliases:
CVE-2023-40477
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21233.
1:6.0.3-1+deb11u3
Affected by 1 other vulnerability.
1:6.2.6-1+deb12u1
Affected by 1 other vulnerability.
VCID-z9ce-vj34-aaas
Aliases:
CVE-2012-6706
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].
1:5.6.6-1+deb10u1
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:05:35.655485+00:00 Debian Oval Importer Affected by VCID-pkqm-2dfr-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:27:41.105253+00:00 Debian Oval Importer Affected by VCID-fyqp-bqj9-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:20:37.639114+00:00 Debian Oval Importer Affected by VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T17:56:46.129207+00:00 Debian Oval Importer Affected by VCID-8dqg-p1qr-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:59:28.425745+00:00 Debian Oval Importer Affected by VCID-vxxz-hdyh-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:15:00.608656+00:00 Debian Oval Importer Affected by VCID-1hu4-5cj9-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:44:32.587104+00:00 Debian Oval Importer Affected by VCID-w1x3-c3xc-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:41:41.893241+00:00 Debian Oval Importer Affected by VCID-v4p2-8vhg-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:44:47.226623+00:00 Debian Oval Importer Affected by VCID-fyqp-bqj9-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:53:07.152940+00:00 Debian Oval Importer Affected by VCID-pkqm-2dfr-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:34:34.426141+00:00 Debian Oval Importer Affected by VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:33:09.807538+00:00 Debian Oval Importer Affected by VCID-bp4e-rpmg-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:39:45.119403+00:00 Debian Oval Importer Affected by VCID-t6yj-dk46-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T08:55:44.979111+00:00 Debian Oval Importer Affected by VCID-w1x3-c3xc-aaab None 36.1.3
2025-06-21T08:48:16.084988+00:00 Debian Oval Importer Affected by VCID-pkqm-2dfr-aaak None 36.1.3
2025-06-21T01:09:29.264542+00:00 Debian Oval Importer Affected by VCID-fyqp-bqj9-aaaq None 36.1.3
2025-06-20T23:45:50.749039+00:00 Debian Oval Importer Affected by VCID-bp4e-rpmg-aaad None 36.1.3
2025-06-20T23:33:18.316323+00:00 Debian Oval Importer Affected by VCID-vxxz-hdyh-aaar None 36.1.3
2025-06-20T23:10:06.752290+00:00 Debian Oval Importer Affected by VCID-8dqg-p1qr-aaak None 36.1.3
2025-06-20T22:58:07.676934+00:00 Debian Oval Importer Affected by VCID-1hu4-5cj9-aaap None 36.1.3
2025-06-20T22:41:17.837220+00:00 Debian Oval Importer Affected by VCID-t6yj-dk46-aaah None 36.1.3
2025-06-20T21:56:00.116484+00:00 Debian Oval Importer Affected by VCID-z9ce-vj34-aaas None 36.1.3
2025-06-20T21:38:12.767336+00:00 Debian Oval Importer Affected by VCID-v4p2-8vhg-aaac None 36.1.3
2025-06-08T13:08:27.919841+00:00 Debian Oval Importer Affected by VCID-v4p2-8vhg-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:12:35.061671+00:00 Debian Oval Importer Affected by VCID-bp4e-rpmg-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:04:09.748657+00:00 Debian Oval Importer Affected by VCID-vxxz-hdyh-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:34:43.332433+00:00 Debian Oval Importer Affected by VCID-pkqm-2dfr-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:58:13.549059+00:00 Debian Oval Importer Affected by VCID-fyqp-bqj9-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:51:32.350844+00:00 Debian Oval Importer Affected by VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:28:28.184287+00:00 Debian Oval Importer Affected by VCID-8dqg-p1qr-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:44:33.118423+00:00 Debian Oval Importer Affected by VCID-vxxz-hdyh-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:02:04.540878+00:00 Debian Oval Importer Affected by VCID-1hu4-5cj9-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:38:19.965266+00:00 Debian Oval Importer Affected by VCID-w1x3-c3xc-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:35:49.710339+00:00 Debian Oval Importer Affected by VCID-v4p2-8vhg-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:38:06.056706+00:00 Debian Oval Importer Affected by VCID-fyqp-bqj9-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:47:23.792543+00:00 Debian Oval Importer Affected by VCID-pkqm-2dfr-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:28:41.142852+00:00 Debian Oval Importer Affected by VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:27:13.018983+00:00 Debian Oval Importer Affected by VCID-bp4e-rpmg-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:36:18.952586+00:00 Debian Oval Importer Affected by VCID-t6yj-dk46-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T02:42:14.032665+00:00 Debian Oval Importer Affected by VCID-w1x3-c3xc-aaab None 36.1.0
2025-06-08T02:34:39.452047+00:00 Debian Oval Importer Affected by VCID-pkqm-2dfr-aaak None 36.1.0
2025-06-07T18:32:07.752641+00:00 Debian Oval Importer Affected by VCID-fyqp-bqj9-aaaq None 36.1.0
2025-06-07T17:08:43.725505+00:00 Debian Oval Importer Affected by VCID-bp4e-rpmg-aaad None 36.1.0
2025-06-07T16:56:14.074788+00:00 Debian Oval Importer Affected by VCID-vxxz-hdyh-aaar None 36.1.0
2025-06-07T16:33:15.748976+00:00 Debian Oval Importer Affected by VCID-8dqg-p1qr-aaak None 36.1.0
2025-06-07T16:21:22.077013+00:00 Debian Oval Importer Affected by VCID-1hu4-5cj9-aaap None 36.1.0
2025-06-07T16:05:13.172345+00:00 Debian Oval Importer Affected by VCID-t6yj-dk46-aaah None 36.1.0
2025-06-07T15:19:21.058264+00:00 Debian Oval Importer Affected by VCID-z9ce-vj34-aaas None 36.1.0
2025-06-07T15:00:56.916059+00:00 Debian Oval Importer Affected by VCID-v4p2-8vhg-aaac None 36.1.0
2025-04-12T20:20:55.155934+00:00 Debian Oval Importer Affected by VCID-t6yj-dk46-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:54:03.632634+00:00 Debian Oval Importer Affected by VCID-8dqg-p1qr-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:52:23.787723+00:00 Debian Oval Importer Affected by VCID-1hu4-5cj9-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:19:59.238220+00:00 Debian Oval Importer Affected by VCID-w1x3-c3xc-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:56:06.883653+00:00 Debian Oval Importer Affected by VCID-v4p2-8vhg-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:58:16.039047+00:00 Debian Oval Importer Affected by VCID-bp4e-rpmg-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:49:34.320923+00:00 Debian Oval Importer Affected by VCID-vxxz-hdyh-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:19:11.303431+00:00 Debian Oval Importer Affected by VCID-pkqm-2dfr-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:40:58.250761+00:00 Debian Oval Importer Affected by VCID-fyqp-bqj9-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:33:54.209396+00:00 Debian Oval Importer Affected by VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:09:42.123781+00:00 Debian Oval Importer Affected by VCID-8dqg-p1qr-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:16:55.141851+00:00 Debian Oval Importer Affected by VCID-vxxz-hdyh-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:33:45.269250+00:00 Debian Oval Importer Affected by VCID-1hu4-5cj9-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:09:46.718926+00:00 Debian Oval Importer Affected by VCID-w1x3-c3xc-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:07:16.013062+00:00 Debian Oval Importer Affected by VCID-v4p2-8vhg-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:10:38.672391+00:00 Debian Oval Importer Affected by VCID-fyqp-bqj9-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:19:48.643875+00:00 Debian Oval Importer Affected by VCID-pkqm-2dfr-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:00:57.834866+00:00 Debian Oval Importer Affected by VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:59:30.727634+00:00 Debian Oval Importer Affected by VCID-bp4e-rpmg-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:07:50.650347+00:00 Debian Oval Importer Affected by VCID-t6yj-dk46-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T01:09:33.015194+00:00 Debian Oval Importer Affected by VCID-w1x3-c3xc-aaab None 36.0.0
2025-04-08T01:01:58.306565+00:00 Debian Oval Importer Affected by VCID-pkqm-2dfr-aaak None 36.0.0
2025-04-07T17:09:48.417079+00:00 Debian Oval Importer Affected by VCID-fyqp-bqj9-aaaq None 36.0.0
2025-04-07T15:42:17.197209+00:00 Debian Oval Importer Affected by VCID-bp4e-rpmg-aaad None 36.0.0
2025-04-07T15:29:16.827224+00:00 Debian Oval Importer Affected by VCID-vxxz-hdyh-aaar None 36.0.0
2025-04-07T15:05:20.888201+00:00 Debian Oval Importer Affected by VCID-8dqg-p1qr-aaak None 36.0.0
2025-04-07T14:53:05.879916+00:00 Debian Oval Importer Affected by VCID-1hu4-5cj9-aaap None 36.0.0
2025-04-07T14:36:24.552884+00:00 Debian Oval Importer Affected by VCID-t6yj-dk46-aaah None 36.0.0
2025-04-07T13:50:49.825031+00:00 Debian Oval Importer Affected by VCID-z9ce-vj34-aaas None 36.0.0
2025-04-07T13:32:51.442580+00:00 Debian Oval Importer Affected by VCID-v4p2-8vhg-aaac None 36.0.0
2024-11-29T13:49:48.043340+00:00 Debian Oval Importer Affected by VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-14T20:35:19.434977+00:00 Debian Oval Importer Affected by VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T12:14:17.654941+00:00 Debian Oval Importer Affected by VCID-z9ce-vj34-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1