High severity7.8NVD Advisory· Published Apr 21, 2017· Updated May 13, 2026

CVE-2016-2347

Description

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564nvdIssue TrackingPatchThird Party Advisory
github.com/fragglet/lhasa/releases/tag/v0.3.1nvdIssue TrackingPatchThird Party Advisory
www.talosintelligence.com/reports/TALOS-2016-0095/nvdExploitTechnical DescriptionThird Party Advisory
lists.opensuse.org/opensuse-updates/2016-04/msg00038.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-updates/2016-04/msg00039.htmlnvdThird Party Advisory
www.debian.org/security/2016/dsa-3540nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000