Search for packages
Package details: pkg:deb/ubuntu/unrar-nonfree@1:4.2.4-0.3
purl pkg:deb/ubuntu/unrar-nonfree@1:4.2.4-0.3
Next non-vulnerable version 1:5.6.6-2build1
Latest non-vulnerable version 1:5.6.6-2build1
Risk 4.4
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-1hu4-5cj9-aaap
Aliases:
CVE-2017-12940
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
1:5.5.8-1
Affected by 1 other vulnerability.
VCID-fyqp-bqj9-aaaq
Aliases:
CVE-2017-12941
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
1:5.5.8-1
Affected by 1 other vulnerability.
VCID-t6yj-dk46-aaah
Aliases:
CVE-2017-20006
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
1:5.6.6-2build1
Affected by 0 other vulnerabilities.
VCID-v4p2-8vhg-aaac
Aliases:
CVE-2017-12942
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
1:5.5.8-1
Affected by 1 other vulnerability.
VCID-vxxz-hdyh-aaar
Aliases:
CVE-2017-12938
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
1:5.5.8-1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version