CVE-2007-5048
Lhaplus - Heap-based Buffer Overflow via Long Filename in ARJ Archive
Title source: llmDescription
Heap-based buffer overflow in Lhaplus before 1.55 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.
References (7)
Core 7
Core References
Various Sources x_refsource_confirm
http://www7a.biglobe.ne.jp/~schezo/arj_vul.html
Exploit x_refsource_misc
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20070921
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/jp/JVN%2370734805/index.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36718
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26907
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25754
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/40582
Scores
EPSS
0.0412
EPSS Percentile
89.6%
Details
CWE
CWE-119
Status
published
Products (2)
lhaplus/lhaplus
1.52
lhaplus/lhaplus
1.53
Published
Sep 24, 2007
Tracked Since
Feb 18, 2026