CVE-2024-55504

medium

Description

An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the exploit_combined.dylib component on MacOS.

References

https://github.com/SyFi/CVE-2024-55504

https://github.com/Audit00r/RAR-Extractor-Unarchiver-Pro-Dylib-injection

https://apps.apple.com/us/app/rar-extractor-unarchiver-pro/id647505820?mt=12

Details

Source: Mitre, NVD

Published: 2025-01-21

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00564