{"id":"CVE-2012-6706","details":"A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].","modified":"2026-04-16T01:38:24.840333118Z","published":"2017-06-22T13:29:00Z","withdrawn":"2026-01-27T04:11:30.324595Z","related":["SUSE-SU-2017:1716-1","SUSE-SU-2017:1745-1","SUSE-SU-2017:1760-1","SUSE-SU-2017:1763-1","SUSE-SU-2018:0809-1","SUSE-SU-2018:0862-1","SUSE-SU-2018:0863-1","SUSE-SU-2021:2834-1","openSUSE-SU-2024:10685-1"],"references":[{"type":"ADVISORY","url":"http://securitytracker.com/id?1027725"},{"type":"ADVISORY","url":"http://telussecuritylabs.com/threats/show/TSL20121207-01"},{"type":"EVIDENCE","url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1286"},{"type":"ADVISORY","url":"https://community.sophos.com/kb/en-us/118424#six"},{"type":"ADVISORY","url":"https://lock.cmpxchg8b.com/sophailv2.pdf"},{"type":"ADVISORY","url":"https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201708-05"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-24"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201804-16"},{"type":"WEB","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10205"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}