Unrar Rarlab Unrar

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Rarlab Unrar.

Known Exploited Rarlab Unrar Vulnerabilities

The following Rarlab Unrar vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
RARLAB UnRAR Directory Traversal Vulnerability RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.
CVE-2022-30333 Exploit Probability: 99.0%
August 9, 2022

The vulnerability CVE-2022-30333: RARLAB UnRAR Directory Traversal Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there have been 1 vulnerability in Rarlab Unrar with an average score of 7.8 out of ten. Unrar did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.

Year Vulnerabilities Average Score
2026 1 7.80
2025 0 0.00
2024 0 0.00
2023 1 7.50

It may take a day or so for new Unrar vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Rarlab Unrar Security Vulnerabilities

WinRAR/UnRAR RAR5 .rev OOB heap write (fixed in 7.23)
CVE-2026-14191 7.8 - High - July 01, 2026

An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR (RecVolumes5::ReadHeader in recvol5.cpp). The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated against that file's own TotalCount field but never against the actual size of RecItems. A crafted set of two or more .rev files can therefore write an attacker-controlled 32-bit value (the header's RevCRC field) to RecItems[RecNum] at an attacker-controlled offset up to 65534 * sizeof(RecVolItem) bytes past the allocation, corrupting adjacent heap objects. Triggering requires the victim to run a recovery/test operation on an attacker-supplied .rev set (for example 'unrar t x.part1.rev', WinRAR 'Repair archive', or auto-recovery when extracting a volume set with a missing .rar part). This is the RAR5-path sibling of CVE-2023-40477 (which was fixed in the RAR3 path only in WinRAR 6.23). Fixed in WinRAR / RAR 7.23.

Memory Corruption

UnRAR <6.2.3 Symlink Path Traversal
CVE-2022-48579 7.5 - High - August 07, 2023

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.

insecure temporary file

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form
CVE-2017-14120 - September 03, 2017

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.

The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers
CVE-2017-14121 - September 03, 2017

The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers
CVE-2017-14122 - September 03, 2017

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Rarlab Unrar or by Rarlab? Click the Watch button to subscribe.

Rarlab
Vendor

Rarlab Unrar
Product

subscribe