Candidate: CVE-2017-12940
PublicDate: 2017-08-18 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12940
 http://www.openwall.com/lists/oss-security/2017/08/18/6
 http://seclists.org/oss-sec/2017/q3/290
Description:
 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the
 EncodeFileName::Decode call within the Archive::ReadHeader15 function.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_unrar-nonfree:
upstream_unrar-nonfree: released (1:5.5.8-1)
precise/esm_unrar-nonfree: DNE
trusty_unrar-nonfree: ignored (reached end-of-life)
trusty/esm_unrar-nonfree: DNE (trusty was needed)
vivid/ubuntu-core_unrar-nonfree: DNE
xenial_unrar-nonfree: ignored (end of standard support, was needed)
zesty_unrar-nonfree: ignored (reached end-of-life)
artful_unrar-nonfree: ignored (reached end-of-life)
bionic_unrar-nonfree: not-affected (1:5.5.8-1)
cosmic_unrar-nonfree: not-affected (1:5.5.8-1)
disco_unrar-nonfree: not-affected (1:5.5.8-1)
eoan_unrar-nonfree: not-affected (1:5.5.8-1)
focal_unrar-nonfree: not-affected (1:5.5.8-1)
groovy_unrar-nonfree: not-affected (1:5.5.8-1)
hirsute_unrar-nonfree: not-affected (1:5.5.8-1)
impish_unrar-nonfree: not-affected (1:5.5.8-1)
jammy_unrar-nonfree: not-affected (1:5.5.8-1)
devel_unrar-nonfree: not-affected (1:5.5.8-1)