RARLAB WinRAR vulnerabilities
29 known vulnerabilities affecting rarlab/winrar.
Total CVEs: 29
CISA KEV: 4 (actively exploited)
Public exploits: 10
Exploited in wild: 5
Severity breakdown: CRITICAL 4, HIGH 14, MEDIUM 8, LOW 3
Vulnerabilities
Page 2 of 2
CVE-2005-3263 | P4 | HIGH | CVSS 7.5 | v2.90, v3.0.0 +9 more | 2005-10-20
Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via an ACE archive containing a file with a long name.
nvd
CVE-2024-33899 | P4 | HIGH | CVSS 7.1 | CWE-150 | fixed in 7.00 | 2024-04-29
RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.
nvd
CVE-2025-52331 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.11 | 2025-11-12
Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation in the HTML report, which allows potentially malicious
nvd
CVE-2004-0235 | P4 | MEDIUM | CVSS 6.4 | v3.20 | 2004-08-18
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
nvd
CVE-2024-30370 | P4 | MEDIUM | CVSS 4.3 | CWE-693 | v7.00, v7.00 beta 4 (64-bit) | 2024-04-02
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page.
The specific flaw exists withi
nvd
CVE-2005-4474 | P4 | MEDIUM | CVSS 5.1 | v3.51 | 2005-12-22
Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when u
nvd
CVE-2019-25677 | P4 | MEDIUM | CVSS 5.5 | CWE-379 | ≤ 5.61 | 2026-04-05
WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violation at memory address 004F1DB8 when the application atte
nvd
CVE-2005-0331 | P4 | LOW | CVSS 2.6 | v3.0.0, v3.10 +7 more | 2005-05-02
Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.
nvd
CVE-2004-1495 | P4 | LOW | CVSS 2.6 | v2.90, v3.0.0 +6 more | 2004-12-31
The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive.
nvd