6 matches found
EUVD-2016-3431
Malware in sbrugna...
EUVD-2010-2379
Malware in sbrugna...
DEBIAN-CVE-2016-2347
Integer underflow in the decodelevel3header function in lib/lhafileheader.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive...
Lhasa Integer Overflow Vulnerability
Lhasa is a freeware alternative to the LHA compression program for Unix, developed by software developer Simon Howard. The program is capable of decompressing .lzh and .lzs files. An integer overflow vulnerability exists in the 'decodelevel3header' function in Lhasa's lib\lhafileheader.c file,...
New Heap-Spray Exploit Tied To LZH Archive Decompression
Researchers found a vulnerability in the classic compression standard Lhasa, once a mainstay for game developers in the mid-’90s and still in use today. Researchers at Cisco’s security research arm, Cisco Talos, identified the vulnerability calling it as a classic heap-spray exploit. In a report...
Lhasa may insecurely load executable files
Overview Lhasa may use unsafe methods for determining how to load executables .exe. Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables .exe when extracting files. Lhasa contains an issue with the file search path, which may insecurely load...