2403068 – (CVE-2025-11579) CVE-2025-11579 github.com/nwaples/rardecode: RarDecode Out Of Memory Crash

Bug 2403068 (CVE-2025-11579) - CVE-2025-11579 github.com/nwaples/rardecode: RarDecode Out Of Memory Crash

Summary: CVE-2025-11579 github.com/nwaples/rardecode: RarDecode Out Of Memory Crash

Keywords:
Status:	NEW
Alias:	CVE-2025-11579
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2403133 2403134 2403135 2403136 2403137 2403138 2403139 2403140 2403141 2403142 2403143 2403144 2403145 2403146 2403147 2403148 2403149 2403150 2403151 2403152 2403153 2403154 2403155
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-10 12:01 UTC by OSIDB Bzimport
Modified:	2025-10-10 17:43 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-10 12:01:51 UTC

github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.

Note You need to log in before you can comment on or make changes to this bug.