Debian Security Advisory
DLA-1014-1 libclamunrar -- LTS security update
- Date Reported:
- 05 Jul 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-7520.
- More information:
It was discovered that there was an arbitrary code execution vulnerability in libcamunrar, a library to add unrar support to the Clam anti-virus software.
This was caused by an integer overflow resulting in a negative value of the ``DestPos`` variable, which allows the attacker to write out of bounds when setting ``Mem[DestPos]``.
For Debian 7
Wheezy, this issue has been fixed in libclamunrar version 0.99-0+deb7u2.
We recommend that you upgrade your libclamunrar packages.