Package: unrar
Version: 1:4.1.4-1+deb7u1
Severity: grave
Tags: security
Justification: user security hole

The VMSF_DELTA filter in unrar allows arbitrary memory write.

See the Google Project Zero report:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6

This affects all Debian releases (verified with the provided test case on i386).

Felix

Reply via email to