CVE-2019-20509

Name of the Vulnerable Software and Affected Versions libarchive versions prior to 3.4.1

Description The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer over-read and application crash, via a crafted LHA archive. This is due to the failure to ensure valid sizes for UTF-16 input in the archive read support format lha.c file.

Recommendations For versions prior to 3.4.1, update to version 3.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the handling of LHA archives to minimize the risk of exploitation.