Lucene search
GoogleOSV:DSA-3540-1HistoryApr 03, 2016 - 12:00 a.m.
lhasa - security update
2016-04-0300:00:00
Google
osv.dev
6
0.004 Low
EPSS
Percentile
74.7%
Marcin Noga discovered an integer underflow in Lhasa, a lzh archive
decompressor, which might result in the execution of arbitrary code if
a malformed archive is processed.
For the oldstable distribution (wheezy), this problem has been fixed
in version 0.0.7-2+deb7u1.
For the stable distribution (jessie), this problem has been fixed in
version 0.2.0+git3fe46-1+deb8u1.
For the testing distribution (stretch), this problem has been fixed
in version 0.3.1-1.
For the unstable distribution (sid), this problem has been fixed in
version 0.3.1-1.
We recommend that you upgrade your lhasa packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| lhasa | eq | 0.2.0+git3fe46-1 |
References
Related
nessus
nessus
openSUSE Security Update : lhasa (openSUSE-2016-454)
2016-04-14 00:00:00
SUSE SLED12 Security Update : lhasa (SUSE-SU-2016:1091-1)
2016-04-20 00:00:00
openSUSE Security Update : lhasa (openSUSE-2016-455)
2016-04-14 00:00:00
cve
cve
CVE-2016-2347
2017-04-21 20:59:00
openvas
openvas
Debian: Security Advisory (DSA-3540-1)
2016-04-02 00:00:00
Debian Security Advisory DSA 3540-1 (lhasa - security update)
2016-04-03 00:00:00
cvelist
cvelist
CVE-2016-2347
2017-04-21 20:00:00
talos
talos
Lhasa lha decode_level3_header Heap Corruption Vulnerability
2016-03-31 00:00:00
debian
debian
[SECURITY] [DSA 3540-1] lhasa security update
2016-04-03 11:36:41
prion
prion
Integer overflow
2017-04-21 20:59:00
osv
osv
CVE-2016-2347
2017-04-21 20:59:00
nvd
nvd
CVE-2016-2347
2017-04-21 20:59:00
archlinux
archlinux
lhasa: arbitrary code execution
2016-04-14 00:00:00
threatpost
threatpost
New Heap-Spray Exploit Tied To LZH Archive Decompression
2016-04-01 13:07:40
ubuntucve
ubuntucve
CVE-2016-2347
2017-04-21 00:00:00
debiancve
debiancve
CVE-2016-2347
2017-04-21 20:59:00