lha -- numerous vulnerabilities when extracting archives

ID 273CC1A3-0D6B-11D9-8A8A-000C41E2CDAD
Type freebsd
Reporter FreeBSD
Modified 2004-05-17T00:00:00


Source code reviews of lha by Lukasz Wojtow, Thomas Biege, and others uncovered a number of vulnerabilities affecting lha:

Buffer overflows when handling archives and filenames. (CVE-2004-0694) Possible command execution via shell meta-characters when built with NOMKDIR. (CVE-2004-0745) Buffer overflow resulting in arbitrary code execution when handling long pathnames in LHZ archives. (CVE-2004-0769) Buffer overflow in the extract_one. (CVE-2004-0771)