12 matches found
CVE-2017-20006
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile...
CVE-2017-20006
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile...
OSV-2017-110 Use-of-uninitialized-value in ExtractUnixLink30
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4309 Crash type: Use-of-uninitialized-value Crash state: ExtractUnixLink30 ExtractSymlink CmdExtract::ExtractCurrentFile...
OSV-2017-104 Heap-buffer-overflow in Unpack::CopyString
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373 Crash type: Heap-buffer-overflow WRITE 1 Crash state: Unpack::CopyString Unpack::Unpack5 CmdExtract::ExtractCurrentFile...
OSV-2017-100 Use-of-uninitialized-value in Archive::ConvertAttributes
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4272 Crash type: Use-of-uninitialized-value Crash state: Archive::ConvertAttributes CmdExtract::ExtractCurrentFile CmdExtract::ExtractArchive...
OSV-2017-95 Use-of-uninitialized-value in Archive::GetComment
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4410 Crash type: Use-of-uninitialized-value Crash state: Archive::GetComment Archive::ViewComment CmdExtract::ExtractArchive...
OSV-2017-65 Use-of-uninitialized-value in Archive::GetComment
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4275 Crash type: Use-of-uninitialized-value Crash state: Archive::GetComment Archive::ViewComment CmdExtract::ExtractArchive...
OSV-2017-64 Use-of-uninitialized-value in SetExtraInfo20
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4408 Crash type: Use-of-uninitialized-value Crash state: SetExtraInfo20 CmdExtract::ExtractCurrentFile CmdExtract::ExtractArchive...
OSV-2017-13 Heap-buffer-overflow in File::Write
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4293 Crash type: Heap-buffer-overflow READ Crash state: File::Write ComprDataIO::UnpWrite CmdExtract::UnstoreFile...
OSV-2017-3 Use-of-uninitialized-value in Archive::GetComment
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4610 Crash type: Use-of-uninitialized-value Crash state: Archive::GetComment Archive::ViewComment CmdExtract::ExtractArchive...
Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption
Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=550 The attached file crashes in CmdExtract::UnstoreFile because the signed int64 DestUnpSize is truncated to an unsigned 32bit integer. Perhaps...
Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption
Source: https://code.google.com/p/google-security-research/issues/detail?id=550 The attached file crashes in CmdExtract::UnstoreFile because the signed int64 DestUnpSize is truncated to an unsigned 32bit integer. Perhaps CmdExtract::ExtractCurrentFile should sanity check Arc.FileHead.UnpSize earl...