Multiple Vendors RAR Handling Remote Null Pointer Dereference Vulnerability

Multiple Vendors RAR Handling Remote Null Pointer Dereference Vulnerability

Multiple applications using RAR are prone to a NULL-pointer dereference vulnerability.

A successful attack will result in denial-of-service conditions. Attackers may also be able to exploit this issue to execute arbitrary code, but this has not been confirmed.

This issue affects the following:

ClamAV prior to 0.91
'UnRAR' 3.70; other versions may also be vulnerable.

Other applications using the vulnerabile 'UnRAR' utility are affected by this issue. We will update this BID as more information emerges.