CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0947

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile20.86th
PublishedFeb 9, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

Affected Platforms (CPE)

πŸ“¦
Arj Software Inc.

Unarj

= 2.62
πŸ“¦
Arj Software Inc.

Unarj

= 2.63_a
πŸ“¦
Arj Software Inc.

Unarj

= 2.64
πŸ“¦
Arj Software Inc.

Unarj

= 2.65
πŸ’»
Gentoo

Linux

All versions
πŸ’»
Suse

Suse Linux

= 9.0
πŸ’»
Suse

Suse Linux

= 9.1
πŸ’»
Suse

Suse Linux

= 9.2

References & Advisories

πŸ”— http://lwn.net/Articles/121827/
πŸ”— http://www.debian.org/security/2005/dsa-652
πŸ”— http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml
πŸ”— http://www.redhat.com/support/errata/RHSA-2005-007.html
πŸ”— http://www.securityfocus.com/bid/11665
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18044
πŸ”— http://lwn.net/Articles/121827/
πŸ”— http://www.debian.org/security/2005/dsa-652

Related Vulnerabilities

CVE-2004-10275.0

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary ...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-090410.0

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird...