Sent analysis and report to dev@rarlab.com as described here http://www.rarlab.com/feedback.htm

Response from maintainer:

Hello,

Thank you!

You are right, it is needed to add:

  if (Arc.FileHead.PackSize<0)
    Arc.FileHead.PackSize=0;
  if (Arc.FileHead.UnpSize<0)
    Arc.FileHead.UnpSize=0;

in the beginning of CmdExtract::ExtractCurrentFile.

Initially I wanted to fix it earlier in Archive::ReadHeader15,
but then decided that I prefer to see real negative values in archive
listing to understand that archive is corrupt. Also unrar.dll calls
CmdExtract::ExtractCurrentFile directly and can pass invalid values
from user program, so it is better to fix them here.

Eugene

Maintainer says "I already updated WinRAR 5.30 beta 4 build on the site and of course we'll include it to next beta or release. Now I would not like to openly publish all technical details though, to not help hackers to use this bug. Maybe only something general like: RAR could crash when unpacking .rar archives with corrupt file headers."

I've requested that unrarsrc be updated, and asked about advisories.

Fixed in unrarsrc-5.3.5, still considering options for informing downstream users (like Avast, and probably many other antiviruses).

I think this issue is as resolved as it's going to be. There are probably other consumers, but at this point keeping this issue restricted is just getting in the way.