PT-2007-4972 · Rarlab · Unrar

Published 2007-07-12 · Updated 2018-10-15 · CVE-2007-3726

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

unrar version 3.70 beta 3

Description

The issue is caused by an integer signedness error in the SET_VALUE function in rarvm.cpp. This error allows user-assisted remote attackers to cause a denial of service, resulting in a crash, via a crafted RAR archive. The archive must be designed to cause a negative signed number to be cast to a large unsigned number.

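The bug class described above, shown as an added C example that is not unrar's code and not part of the original advisory: a signed offset tested only against an upper bound is accepted when negative and becomes a huge index once cast to unsigned, while the hardened store converts first and checks in the unsigned domain. VM_MEMSIZE, the function names and the toy memory buffer are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed size of a toy VM memory; not taken from unrar. */
#define VM_MEMSIZE 4096u

static uint8_t vm_mem[VM_MEMSIZE];

/* Flawed pattern: only the upper bound is tested, in signed arithmetic,
   so every negative offset is accepted. Returns 1 if the check passes. */
int flawed_check(int32_t off)
{
    return off < (int32_t)(VM_MEMSIZE - 3);
}

/* What the accepted offset turns into once it is used as an unsigned index. */
uint32_t index_after_cast(int32_t off)
{
    return (uint32_t)off;
}

/* Hardened store: convert first, then bound-check in the unsigned domain,
   leaving room for the 4 bytes written. Returns 0 on success, -1 if rejected. */
int vm_store32(int32_t off, uint32_t value)
{
    uint32_t uoff = (uint32_t)off;
    if (uoff > VM_MEMSIZE - sizeof value)
        return -1;
    memcpy(&vm_mem[uoff], &value, sizeof value);
    return 0;
}

int main(void)
{
    int32_t off = -4; /* constructed input: a negative operand */
    printf("flawed check accepts %d: %d\n", (int)off, flawed_check(off));
    printf("index after cast: 0x%08x\n", (unsigned)index_after_cast(off));
    printf("hardened store returns %d\n", vm_store32(off, 0x41424344u));
    return 0;
}
```
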
Recommendations

For unrar version 3.70 beta 3, consider avoiding the use of the SET_VALUE function in rarvm.cpp until a patch is available. As a temporary workaround, restrict the handling of crafted RAR archives to minimize the risk of exploitation.

Related Identifiers

CVE-2007-3726

Affected Products

Unrar