CVE-2019-25677: WinRAR DoS Vulnerability - 5.61
Platform: windows
Component: winrar
CVE-2019-25677 is a Denial of Service (DoS) vulnerability discovered in WinRAR. An attacker can trigger a crash by placing a specially crafted winrar.lng language file in the WinRAR installation directory and then attempting to test an archive. This vulnerability affects WinRAR versions 5.61–5.61 32 Bit, and as of the publication date, no official patch has been released to address this issue.
How to fix
Update WinRAR to a fixed version. Version 5.61 is vulnerable; check the vendor's website for the latest stable and secure version.
Frequently asked questions
What is CVE-2019-25677?
CVE-2019-25677 is a Denial of Service vulnerability in WinRAR. It allows a local attacker to crash the application by exploiting how WinRAR handles malformed language files (winrar.lng).
Am I affected by CVE-2019-25677?
You are potentially affected if you are using WinRAR version 5.61–5.61 32 Bit. If you are using a newer version, you are likely not vulnerable.
How can I fix or mitigate CVE-2019-25677?
Currently, there is no official patch available. As a mitigation, avoid placing untrusted winrar.lng language files in your WinRAR installation directory.
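One way to check this mitigation on a host, as an added example that is not part of the advisory or of WinRAR itself: the PowerShell function below reports whether a winrar.lng file is present next to WinRAR.exe, its hash, owner and timestamp, and which non-administrative principals could create files in that directory. The function name, the default install directories, and the assumption that an affected build reports a product version starting with 5.61 are assumptions of this example.

```powershell
# Added example: audit WinRAR install directories for a winrar.lng language file.
# Test-WinRarLanguageFile and the default directories are assumptions of this example.
function Test-WinRarLanguageFile {
    param(
        [string[]]$InstallDir = @($env:ProgramFiles, ${env:ProgramFiles(x86)} |
            Where-Object { $_ } | Select-Object -Unique |
            ForEach-Object { Join-Path $_ 'WinRAR' })
    )
    # Well-known SIDs expected to hold write access to an installation directory.
    $trusted = @(
        'S-1-5-18',       # SYSTEM
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-3-0',        # CREATOR OWNER
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
    )
    $createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
    $sidType = [System.Security.Principal.SecurityIdentifier]

    foreach ($dir in $InstallDir) {
        $exe = Join-Path $dir 'WinRAR.exe'
        if (-not (Test-Path -LiteralPath $exe)) { continue }
        $version = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
        $lng = Join-Path $dir 'winrar.lng'
        $lngItem = Get-Item -LiteralPath $lng -ErrorAction SilentlyContinue

        # Principals outside $trusted that may create files (such as winrar.lng) here.
        # Generic-rights ACEs are not expanded, so an empty result means "none found".
        $writers = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                (([int]$_.FileSystemRights -band $createFiles) -ne 0) -and
                $trusted -notcontains $_.IdentityReference.Value
            } | ForEach-Object { $_.IdentityReference.Value } | Select-Object -Unique

        [pscustomobject]@{
            InstallDir      = $dir
            ProductVersion  = $version
            Version561      = $version -like '5.61*'   # assumed version string format
            LngPresent      = [bool]$lngItem
            LngSha256       = if ($lngItem) { (Get-FileHash -LiteralPath $lng -Algorithm SHA256).Hash }
            LngLastWriteUtc = if ($lngItem) { $lngItem.LastWriteTimeUtc }
            LngOwner        = if ($lngItem) { (Get-Acl -LiteralPath $lng).Owner }
            NonAdminWriters = $writers -join ', '
        }
    }
}

Test-WinRarLanguageFile | Format-List
```

A winrar.lng whose owner or timestamp does not match a deliberate language-pack installation, or a non-empty NonAdminWriters value, is worth reviewing.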