The DecodeNumber function in unrarlib.c in unrar 0.0.1 suffers from a NULL pointer dereference flaw triggered by a specially crafted RAR archive.