Debian Security Advisory

DLA-1014-1 libclamunrar -- LTS security update

Date Reported:
05 Jul 2017
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2017-7520.
More information:

It was discovered that there was an arbitrary code execution vulnerability in libcamunrar, a library to add unrar support to the Clam anti-virus software.

This was caused by an integer overflow resulting in a negative value of the ``DestPos`` variable, which allows the attacker to write out of bounds when setting ``Mem[DestPos]``.

For Debian 7 Wheezy, this issue has been fixed in libclamunrar version 0.99-0+deb7u2.

We recommend that you upgrade your libclamunrar packages.