Lhaplus · Lhaplus · CVE-2017-2158
Name of the Vulnerable Software and Affected Versions:
Lhaplus versions 1.73 and earlier
Description:
The issue arises from improper verification when expanding ZIP64 archives, potentially leading to the extraction of unintended contents from a specially crafted ZIP64 archive.
Recommendations:
For Lhaplus versions 1.73 and earlier, update to a version later than 1.73 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.