NULL Pointer Dereference in Unrar Component of Unrar-Free from Robert M. S. Clarke
CVE-2017-14121

5.5MEDIUM

Key Information:

Vendor

Rarlab

Status
Unrar
Vendor
CVE Published:
3 September 2017

What is CVE-2017-14121?

The DecodeNumber function in unrarlib.c (part of the unrar 0.0.1 implementation) is susceptible to a NULL pointer dereference, which can be triggered by specially crafted RAR archives. This vulnerability could lead to unexpected behavior and potential application crashes when the code attempts to decode the malformed file. User awareness and prompt updates are essential to mitigate risks posed by this issue.

References

https://bugs.debian.org/874061
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2017/08/20/1
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021/02/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.