Multiple directory traversal vulnerabilities in LHA 1.14 allow remote
attackers or local users to create arbitrary files via an LHA archive
containing filenames with (1) … sequences or (2) absolute pathnames with
double leading slashes (“//absolute/path”).