CRITICAL
Lha For Unix Project
CVE published 2017-01-23
CVE-2016-1925
CVE-2016-1925 is a critical memory corruption flaw in lha’s archive header parsing. A large header size value in a level0 or level1 header can trigger an integer underflow in header.c, which in turn can lead to a buffer overflow while processing a crafted LHA archive.