Interpretation Conflict

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of PAX extended header size overrides in intermediary metadata headers. An attacker can cause inconsistent archive parsing results...

PT-2026-49577

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.16 Description An interpretation differential exists in how the software parses tar archives. The issue occurs because the library applies a PAX extended header's size= record and other PAX overrides to the next...

Lhaca LHZ Archive Extended Header Size Processing Buffer Overflow Vulnerability

Overview Lhaca does not process an LHZ archive with an invalid Extended Header Size properly, which could lead to buffer overflow. This problem is reported to be different from the issue identified in JVNDB-2007-000492 CVE-2007-3375. Impact An attacker could execute arbitrary code. Solution Pleas...

Lhaca LZH文档畸形Extended Header Size值栈缓冲区溢出漏洞

Lhaca是一款由日本开发的免费文档压缩解压工具。 Lhaca在处理畸形的LHA文档时存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞通过诱使用户处理恶意文件控制用户机器。 Lhaca没有充分地验证从LHA文件读取的Extended Header Size值便将其拷贝到了Extended Header Data字节数的栈缓冲区，如果Extended Header Size值大于255的话就可能触发缓冲区溢出，导致执行任意指令；此外由于没有正确地使用strncpy还可能导致进一步覆盖该缓冲区。有漏洞的函数如下： function40D974FILE fp, char outbuffer cha...

Stack overflow

Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375...