PT-2006-4957 · Lhaz · Lhaz

Tan Chew Keong · Published 2006-08-14 · Updated 2018-10-17 · CVE-2006-4116

CVSS v2.0: 5.1 Medium
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Lhaz versions prior to 1.32

Description: The issue is related to multiple stack-based buffer overflows. These occur when handling a long filename in an LHZ archive during extraction, and when constructing an error message for an LHZ archive with an invalid CRC checksum. This could allow user-assisted attackers to execute arbitrary code.

Recommendations: For versions prior to 1.32, update to version 1.32 or later to resolve the issue. As a temporary workaround, consider avoiding the extraction of LHZ archives with long filenames or invalid CRC checksums until a patch is available. Restrict access to the Lhaz utility to minimize the risk of exploitation.

Related Identifiers: CVE-2006-4116

Affected Products: Lhaz