Published: 21/04/2017 Updated: 30/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa prior to 0.3.1 allows remote malicious users to execute arbitrary code via a crafted archive.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensuse opensuse 13.2
opensuse leap 42.1
debian debian linux 8.0
debian debian linux 7.0
lhasa project lhasa

Marcin Noga discovered an integer underflow in Lhasa, a lzh archive decompressor, which might result in the execution of arbitrary code if a malformed archive is processed For the oldstable distribution (wheezy), this problem has been fixed in version 007-2+deb7u1 For the stable distribution (jessie), this problem has been fixed in version 02 ...

CWE-190 https://github.com/fragglet/lhasa/releases/tag/v0.3.1 https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564 http://www.talosintelligence.com/reports/TALOS-2016-0095/http://www.debian.org/security/2016/dsa-3540 http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.html http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.html https://nvd.nist.gov https://www.debian.org/security/./dsa-3540

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-2347

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect