Lhaplus ARJ Archive Long Filename Handling Buffer Overflow Vulnerability
BID:25754
Info
Lhaplus ARJ Archive Long Filename Handling Buffer Overflow Vulnerability
| Bugtraq ID: | 25754 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5048 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 21 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Fourteenforty Research Institute, Inc. is credited with the discovery of this vulnerability. |
| Vulnerable: |
Lhaplus Lhaplus 1.53 |
| Not Vulnerable: |
Lhaplus Lhaplus 1.55 |
Discussion
Lhaplus ARJ Archive Long Filename Handling Buffer Overflow Vulnerability
Lhaplus is prone to a heap-based buffer-overflow vulnerability when handling ARJ archives with overly long filenames.
A successful attack can allow a remote attacker to corrupt process memory by triggering an overflow condition when Lhaplus reads an inordinately long ARJ archive filename.
This vulnerability reportedly affects Lhaplus 1.53 (Japanese); previous versions may also be vulnerable.
Lhaplus is prone to a heap-based buffer-overflow vulnerability when handling ARJ archives with overly long filenames.
A successful attack can allow a remote attacker to corrupt process memory by triggering an overflow condition when Lhaplus reads an inordinately long ARJ archive filename.
This vulnerability reportedly affects Lhaplus 1.53 (Japanese); previous versions may also be vulnerable.
Exploit / POC
Lhaplus ARJ Archive Long Filename Handling Buffer Overflow Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Lhaplus ARJ Archive Long Filename Handling Buffer Overflow Vulnerability
Solution:
The vendor has released Lhaplus 1.55, which reportedly fixes this vulnerability. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
The vendor has released Lhaplus 1.55, which reportedly fixes this vulnerability. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Lhaplus ARJ Archive Long Filename Handling Buffer Overflow Vulnerability
References:
References:
- Vendor Homepage (Lhaplus)
- JVN#70734805 Lhaplus (JVN)