High severity7.8NVD Advisory· Published Apr 21, 2017· Updated Jun 17, 2026
CVE-2016-2347
CVE-2016-2347
Description
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12- osv-coords6 versionspkg:rpm/suse/lhasa&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/lhasa&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/lhasa&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/lhasa&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/lhasa&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012pkg:rpm/suse/lhasa&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1
< 0.2.0-5.1+ 5 more
- (no CPE)range: < 0.2.0-5.1
- (no CPE)range: < 0.2.0-5.1
- (no CPE)range: < 0.2.0-5.1
- (no CPE)range: < 0.2.0-5.1
- (no CPE)range: < 0.2.0-5.1
- (no CPE)range: < 0.2.0-5.1
Patches
Vulnerability mechanics
References
6- github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564nvdIssue TrackingPatchThird Party Advisory
- github.com/fragglet/lhasa/releases/tag/v0.3.1nvdIssue TrackingPatchThird Party Advisory
- www.talosintelligence.com/reports/TALOS-2016-0095/nvdExploitTechnical DescriptionThird Party Advisory
- lists.opensuse.org/opensuse-updates/2016-04/msg00038.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2016-04/msg00039.htmlnvdThird Party Advisory
- www.debian.org/security/2016/dsa-3540nvdThird Party Advisory
News mentions
0No linked articles in our index yet.