Technical Description

Multiple vulnerabilities have been identified in LHa, which could be exploited by attackers to execute arbitrary commands or cause a denial of service.

The first issue is due an infinite loop in the "read_pt_len()", "read_c_len()", "decode_c_st1()", and "decode_p_st1()" [huf.c] functions when unpacking malformed archives, which could be exploited by attackers to crash a vulnerable application.

The second flaw is due to a buffer overflow error in the "make_table()" [maketbl.c] function when unpacking malformed archives, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.

Affected Products

LHa versions prior to 1.14i-ac20050924p1

Solution

Upgrade to LHa version 1.14i-ac20050924p1 :
http://sourceforge.jp/projects/lha

References

http://www.vupen.com/english/advisories/2006/4760
http://sourceforge.jp/projects/lha/document/lha_1.14i-ac20050924p1_-_Changes/

Credits

Vulnerabilities reported by Tavis Ormandy (Google Security Team)

ChangeLog

2006-11-29 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.