CyberSec.Space Logo
CVEブラウザに戻る

CVE-2004-0947

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile20.86th
Published2005年2月9日
Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

Affected Platforms (CPE)

📦
Arj Software Inc.

Unarj

= 2.62
📦
Arj Software Inc.

Unarj

= 2.63_a
📦
Arj Software Inc.

Unarj

= 2.64
📦
Arj Software Inc.

Unarj

= 2.65
💻
Gentoo

Linux

All versions
💻
Suse

Suse Linux

= 9.0
💻
Suse

Suse Linux

= 9.1
💻
Suse

Suse Linux

= 9.2

References & Advisories

🔗 http://lwn.net/Articles/121827/
🔗 http://www.debian.org/security/2005/dsa-652
🔗 http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml
🔗 http://www.redhat.com/support/errata/RHSA-2005-007.html
🔗 http://www.securityfocus.com/bid/11665
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18044
🔗 http://lwn.net/Articles/121827/
🔗 http://www.debian.org/security/2005/dsa-652

関連する脆弱性情報

CVE-2004-10275.0

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary ...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-090410.0

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird...

CVE-2004-101210.0

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arb...