{"id":"UBUNTU-CVE-2012-6706","details":"A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].","modified":"2025-09-08T16:42:59Z","published":"2017-06-22T13:29:00Z","upstream":["CVE-2012-6706"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2012-6706"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2017/06/21/9"},{"type":"REPORT","url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6"},{"type":"REPORT","url":"http://securitytracker.com/id?1027725"},{"type":"REPORT","url":"http://telussecuritylabs.com/threats/show/TSL20121207-01"},{"type":"REPORT","url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1286"},{"type":"REPORT","url":"https://community.sophos.com/kb/en-us/118424#six"},{"type":"REPORT","url":"https://lock.cmpxchg8b.com/sophailv2.pdf"},{"type":"REPORT","url":"https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2012-6706"}],"affected":[{"package":{"name":"libclamunrar","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/libclamunrar@0.99-0ubuntu0.14.04.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.99-0ubuntu0.14.04.2"}]}],"versions":["0.96.4-1","0.96.4-1ubuntu1","0.99-0ubuntu0.14.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.99-0ubuntu0.14.04.2","binary_name":"libclamunrar7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-6706.json"}},{"package":{"name":"libclamunrar","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/libclamunrar@0.99-1ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.99-1ubuntu0.1"}]}],"versions":["0.98.5-1","0.99-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.99-1ubuntu0.1","binary_name":"libclamunrar7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-6706.json"}},{"package":{"name":"unrar-nonfree","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/unrar-nonfree@1:5.3.2-1+deb9u1build0.16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:5.3.2-1+deb9u1build0.16.04.1"}]}],"versions":["1:5.3.2-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1:5.3.2-1+deb9u1build0.16.04.1","binary_name":"unrar"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-6706.json"}},{"package":{"name":"libclamunrar","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/libclamunrar@0.99-4ubuntu1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.99-4ubuntu1"}]}],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.99-4ubuntu1","binary_name":"libclamunrar7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-6706.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}