Unrated severityNVD Advisory· Published Dec 21, 2005· Updated Apr 16, 2026

CVE-2005-4438

Description

Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field.

Affected products

Dec2rar.dll/Dec2rar.dll
cpe:2.3:a:dec2rar.dll:dec2rar.dll:3.2.14.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18131nvdVendor Advisory
www.rem0te.com/public/images/symc2.pdfnvdVendor Advisory
www.kb.cert.org/vuls/id/305272nvdUS Government Resource
securityreason.com/securityalert/276nvd
securitytracker.com/idnvd
www.securityfocus.com/archive/1/419853/100/0/threadednvd
www.securityfocus.com/bid/15971nvd
www.vupen.com/english/advisories/2005/3003nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000