CVE-2016-2347

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
opensuseleap
42.1
opensuseopensuse
13.2
debiandebian_linux
7.0
debiandebian_linux
8.0
lhasa_projectlhasa
𝑥
≤ 0.3.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lhasa
bullseye
0.3.1-3
fixed
bookworm
0.3.1-4
fixed
sid
0.4.0-1
fixed
trixie
0.4.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lhasa
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
needed
wily
ignored
trusty
Fixed 0.0.7-2+deb7u1ubuntu0.14.04.1
released
precise
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.html
http://www.debian.org/security/2016/dsa-3540
http://www.talosintelligence.com/reports/TALOS-2016-0095/
https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564
https://github.com/fragglet/lhasa/releases/tag/v0.3.1
http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.html
http://www.debian.org/security/2016/dsa-3540
http://www.talosintelligence.com/reports/TALOS-2016-0095/
https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564
https://github.com/fragglet/lhasa/releases/tag/v0.3.1