starcadi has reported some vulnerabilities in unrarlib, which can potentially be exploited by malicious people to gain escalated privileges or compromise a vulnerable system.
The vulnerabilities are caused by boundary errors within the "urarlib_get()" function in urarlib.c when processing the "filename", "rarfile", and "libpassword" arguments. These can be exploited to cause buffer overflows by passing an overly long string (greater than 255 bytes) as one of the mentioned arguments.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in version 0.4.0. Other versions and products that use the application may also be affected.
Solution: Do not process untrusted files in applications using the vulnerable library.
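For applications that cannot avoid calling the library, a length guard in front of "urarlib_get()" keeps overly long arguments from reaching it. The following is an added example, not code from unrarlib or from the reporter: the prototype of "urarlib_get()" is an assumption, `guarded_get`, `fits`, `stub_get` and `check_filename_len` are hypothetical names, and the guard reads the advisory's 255-byte figure conservatively by rejecting any string that, with its terminating NUL, does not fit in 255 bytes.

```c
#include <stddef.h>
#include <string.h>

#define ARG_LIMIT 255 /* byte figure taken from the advisory */
enum { GUARD_OK = 0, GUARD_NULL_ARG = -1, GUARD_TOO_LONG = -2 };

/* Assumed prototype of the library entry point (not given in the advisory). */
typedef int (*urarlib_get_fn)(void *output, unsigned long *size,
                              char *filename, void *rarfile, char *libpassword);

/* Bounded scan: true if s plus its terminating NUL fits in ARG_LIMIT bytes. */
static int fits(const char *s) {
    for (size_t i = 0; i < ARG_LIMIT; i++)
        if (s[i] == '\0') return 1;
    return 0;
}

/* Check the three string arguments named in the advisory before the library
 * sees them; the library's own return value is stored in *lib_ret. */
int guarded_get(urarlib_get_fn get, void *output, unsigned long *size,
                const char *filename, const char *rarfile,
                const char *libpassword, int *lib_ret) {
    if (!get || !filename || !rarfile || !lib_ret) return GUARD_NULL_ARG;
    /* Assumption: a NULL password means "no password" and is passed through. */
    if (!fits(filename) || !fits(rarfile) || (libpassword && !fits(libpassword)))
        return GUARD_TOO_LONG;
    *lib_ret = get(output, size, (char *)filename, (void *)rarfile,
                   (char *)libpassword);
    return GUARD_OK;
}

/* Constructed stand-in for the real function so the example runs offline. */
static int stub_calls;
static int stub_get(void *o, unsigned long *s, char *f, void *r, char *p) {
    (void)o; (void)s; (void)f; (void)r; (void)p;
    return ++stub_calls;
}

/* Constructed input: a filename of n 'A' bytes, short archive name, no password. */
int check_filename_len(size_t n) {
    static char name[8192];
    int lib_ret = 0;
    if (n >= sizeof name) n = sizeof name - 1;
    memset(name, 'A', n);
    name[n] = '\0';
    return guarded_get(stub_get, NULL, NULL, name, "test.rar", NULL, &lib_ret);
}

int main(void) { return check_filename_len(254) != GUARD_OK; }
```

In a real build, pass the library's "urarlib_get" in place of `stub_get`. The guard covers only the argument lengths described here and does not make processing untrusted archives safe.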