Vulnerability Details CVE-2016-1925
Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.openwall.com/lists/oss-security/2016/01/18/3
- http://www.openwall.com/lists/oss-security/2016/01/18/8
- https://security.gentoo.org/glsa/202007-42
- http://www.openwall.com/lists/oss-security/2016/01/18/3
- http://www.openwall.com/lists/oss-security/2016/01/18/8
- https://security.gentoo.org/glsa/202007-42
Products affected by CVE-2016-1925
-
cpe:2.3:a:lha_for_unix_project:lha_for_unix:-