Skip to main content

Unrar

10 CVEs product

Monthly

CVE-2026-14191 HIGH PATCH This Week

Out-of-bounds heap write in the RAR5 recovery-volume (.rev) parser of WinRAR, RAR, UnRAR, and unrar.dll (versions before 7.23) lets an attacker corrupt heap memory when a victim runs a recovery, test, or repair operation on a crafted multi-file .rev set. Because subsequent .rev files supply a RecNum value validated only against their own TotalCount and never against the actual RecItems allocation, an attacker-controlled 32-bit value can be written far past the buffer, enabling memory corruption and potential code execution. There is no public exploit identified at time of analysis, but this is the RAR5-path sibling of the previously exploited CVE-2023-40477, and CWE-787 flaws in WinRAR have historically led to reliable RCE.

Memory Corruption Buffer Overflow Winrar Rar Unrar +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-30333 HIGH POC KEV PATCH THREAT Act Now

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Path Traversal Unrar Debian Linux
NVD
CVSS 3.1
7.5
EPSS
99.0%
CVE-2017-14122 CRITICAL Act Now

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Unrar Debian Linux
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2017-14121 MEDIUM This Month

The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Unrar Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-14120 HIGH This Week

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Unrar Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-12942 CRITICAL POC Act Now

libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Unrar
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12941 CRITICAL POC Act Now

libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Unrar
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-12940 CRITICAL POC Act Now

libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Unrar
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-12938 HIGH POC This Week

UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Unrar
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2012-6706 CRITICAL POC Act Now

A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Sophos Buffer Overflow Threat Detection Engine +1
NVD
CVSS 3.0
9.8
EPSS
2.4%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out-of-bounds heap write in the RAR5 recovery-volume (.rev) parser of WinRAR, RAR, UnRAR, and unrar.dll (versions before 7.23) lets an attacker corrupt heap memory when a victim runs a recovery, test, or repair operation on a crafted multi-file .rev set. Because subsequent .rev files supply a RecNum value validated only against their own TotalCount and never against the actual RecItems allocation, an attacker-controlled 32-bit value can be written far past the buffer, enabling memory corruption and potential code execution. There is no public exploit identified at time of analysis, but this is the RAR5-path sibling of the previously exploited CVE-2023-40477, and CWE-787 flaws in WinRAR have historically led to reliable RCE.

Memory Corruption Buffer Overflow Winrar +3
NVD
EPSS 99% CVSS 7.5
HIGH POC KEV PATCH THREAT Act Now

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Path Traversal Unrar +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Unrar +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Unrar +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Unrar Debian Linux
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Unrar
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Unrar
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Unrar
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Unrar
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Sophos +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy