Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lhasa_project | lhasa | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 7.0 |
| opensuse | opensuse | 13.2 |
| opensuse | leap | 42.1 |