CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:P/I:P/A:C
EPSS
Percentile
94.6%
Lhaplus, file compression/decompression software supporting multiple compression file formats, contains a buffer overflow vulnerability. If a user decompresses a specially crafted file, an attacker could execute arbitrary code with the privilege of the user.
This vulnerability is different from JVN#70734805.
An attacker could execute arbitrary code with the privilege of the user who decompressed the file.
Update the Software
Apply the latest updates provided by the developer.
For more information, refer to the developer’s website.