628178 – (CVE-2017-12940, CVE-2017-12941, CVE-2017-12942) [TRACKER] Multiple vulnerabilities through embedded app-arch/unrar (CVE-{2017-12940,2017-12941,2017-12942})

Bug 628178 (CVE-2017-12940, CVE-2017-12941, CVE-2017-12942) - [TRACKER] Multiple vulnerabilities through embedded app-arch/unrar (CVE-{2017-12940,2017-12941,2017-12942})

Summary: [TRACKER] Multiple vulnerabilities through embedded app-arch/unrar (CVE-{2017...

Status:	RESOLVED FIXED

Alias:	CVE-2017-12940, CVE-2017-12941, CVE-2017-12942

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	http://seclists.org/oss-sec/2017/q3/290
Whiteboard:
Keywords:	Tracker

Depends on:	628182 628184 628186 628194
Blocks:
	Show dependency tree

Reported:	2017-08-18 14:39 UTC by GLSAMaker/CVETool Bot
Modified:	2020-06-13 18:38 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2017-08-18 14:39:49 UTC

CVE-2017-12940 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12940):
  libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the
  EncodeFileName::Decode call within the Archive::ReadHeader15 function.

CVE-2017-12941 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12941):
  libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the
  Unpack::Unpack20 function.

CVE-2017-12942 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12942):
  libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ
  function.