DEBIAN-CVE-2007-3726

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2007-3726

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-3726.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2007-3726

Upstream

CVE-2007-3726

Published

2007-07-12T16:30:00Z

Modified

2025-11-20T10:09:54.727666Z

Summary

[none]

Details

Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.

References

https://security-tracker.debian.org/tracker/CVE-2007-3726

Affected packages

Debian:11

rar

Package

Name: rar
Purl: pkg:deb/debian/rar?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.7b1-1

Affected versions

2.*

2.02-2

2.60-1

2.80-2

3.*

3.30-2

1:3.*

1:3.5.1-1

1:3.6.0-1

Ecosystem specific

{
    "urgency": "low"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-3726.json"

unrar-nonfree

Package

Name: unrar-nonfree
Purl: pkg:deb/debian/unrar-nonfree?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-1.1

Affected versions

3.*

3.3.6-2

3.3.6-2.0.1

3.4.3-1

Ecosystem specific

{
    "urgency": "low"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-3726.json"

Debian:12

rar

Package

Name: rar
Purl: pkg:deb/debian/rar?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.7b1-1

Affected versions

2.*

2.02-2

2.60-1

2.80-2

3.*

3.30-2

1:3.*

1:3.5.1-1

1:3.6.0-1

Ecosystem specific

{
    "urgency": "low"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-3726.json"

unrar-nonfree

Package

Name: unrar-nonfree
Purl: pkg:deb/debian/unrar-nonfree?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-1.1

Affected versions

3.*

3.3.6-2

3.3.6-2.0.1

3.4.3-1

Ecosystem specific

{
    "urgency": "low"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-3726.json"

Debian:13

rar

Package

Name: rar
Purl: pkg:deb/debian/rar?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.7b1-1

Affected versions

2.*

2.02-2

2.60-1

2.80-2

3.*

3.30-2

1:3.*

1:3.5.1-1

1:3.6.0-1

Ecosystem specific

{
    "urgency": "low"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-3726.json"

unrar-nonfree

Package

Name: unrar-nonfree
Purl: pkg:deb/debian/unrar-nonfree?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-1.1

Affected versions

3.*

3.3.6-2

3.3.6-2.0.1

3.4.3-1

Ecosystem specific

{
    "urgency": "low"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-3726.json"

Debian:14

rar

Package

Name: rar
Purl: pkg:deb/debian/rar?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.7b1-1

Affected versions

2.*

2.02-2

2.60-1

2.80-2

3.*

3.30-2

1:3.*

1:3.5.1-1

1:3.6.0-1

Ecosystem specific

{
    "urgency": "low"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-3726.json"

unrar-nonfree

Package

Name: unrar-nonfree
Purl: pkg:deb/debian/unrar-nonfree?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.3-1.1

Affected versions

3.*

3.3.6-2

3.3.6-2.0.1

3.4.3-1

Ecosystem specific

{
    "urgency": "low"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2007-3726.json"