[arch-security] [ASA-201604-8] lhasa: arbitrary code execution
Arch Linux Security Advisory ASA-201604-8
=========================================

Severity: High
Date    : 2016-04-14
CVE-ID  : CVE-2016-2347
Package : lhasa
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package lhasa before version 0.3.1-1 is vulnerable to arbitrary code
execution.

Resolution
==========

Upgrade to 0.3.1-1.

# pacman -Syu "lhasa>=0.3.1-1"

The problem has been fixed upstream in version 0.3.1.

Workaround
==========

None.

Description
===========

An exploitable integer underflow exists in the calculation of the size of
all headers in the decode_level3_header function of the Lhasa (lha)
application. A header_len value smaller than LEVEL_3_HEADER_LEN (32) causes
an integer underflow during the subtraction, which later leads to memory
corruption via a heap-based buffer overflow.

Impact
======

A remote attacker is able to create a specially crafted LHA archive that
results in a heap-based buffer overflow leading to arbitrary code execution.

References
==========

http://www.talosintel.com/reports/TALOS-2016-0095/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2347
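
The underflow pattern from the Description, next to a bounds-checked form, as an added example that is not Lhasa's code or the upstream patch. The function names and MAX_HEADER_LEN are assumptions made for illustration; only header_len and LEVEL_3_HEADER_LEN (32) come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LEVEL_3_HEADER_LEN 32u      /* minimum header length named in the advisory */
#define MAX_HEADER_LEN     0x10000u /* assumed sanity cap, not a Lhasa constant */

/* Unchecked pattern: unsigned subtraction wraps when header_len < 32,
 * so a tiny length field turns into a huge "bytes still to read" count. */
static uint32_t extra_len_unchecked(uint32_t header_len)
{
    return header_len - LEVEL_3_HEADER_LEN;
}

/* Checked pattern: validate the untrusted length before any arithmetic.
 * Returns 0 and stores the result, or -1 to reject the header. */
static int extra_len_checked(uint32_t header_len, uint32_t *extra)
{
    if (header_len < LEVEL_3_HEADER_LEN)   /* subtraction would underflow */
        return -1;
    if (header_len > MAX_HEADER_LEN)       /* refuse absurd allocations */
        return -1;
    *extra = header_len - LEVEL_3_HEADER_LEN;
    return 0;
}

int main(void)
{
    /* Constructed sample values for the length field. */
    const uint32_t samples[] = { 0, 31, 32, 100, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t extra = 0;
        int rc = extra_len_checked(samples[i], &extra);
        printf("header_len=%lu unchecked=%lu checked=%s",
               (unsigned long)samples[i],
               (unsigned long)extra_len_unchecked(samples[i]),
               rc == 0 ? "ok" : "rejected");
        if (rc == 0)
            printf(" extra=%lu", (unsigned long)extra);
        printf("\n");
    }
    return 0;
}
```

Any length field read from an archive needs both checks before it feeds a subtraction or an allocation: the lower bound stops the wrap-around, the upper bound stops oversized reads.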
participants (1)
-
Levente Polyak