CVE-2018-10115

Description

Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

Affected packages (2)

• Alpine/p7zipfrom 0, < 16.02-r3
• Debian/p7zip-rarfrom 0, < 16.02-3

CVSS scores

References (2)

• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-10115
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-10115