PT-2017-7988 · Lha+1 · Lha+1

Paris Zoumpouloglou

Published

2016-04-21

Updated

2020-07-27

CVE-2016-1925

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions lha (affected versions not specified)

Description The issue is related to an integer underflow in the header.c file of lha, which can be triggered by a large header size value for the level0 or level1 header in an lha archive. This can lead to a buffer overflow, allowing remote attackers to have an unspecified impact.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191

Related Identifiers

CVE-2016-1925

MGASA-2016-0142

SUSE-SU-2016:1904-1

SUSE-SU-2016_1904-1

Affected Products

Suse

Lha

PT-2017-7988 · Lha+1 · Lha+1

CVE-2016-1925

Weakness Enumeration

Related Identifiers

Affected Products

References · 12