Multiple stack-based buffer overflows in Lhaz prior to 1.32 allow user-assisted malicious users to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lhaz lhaz |