This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsaid="202007-42">
<title>LHa: Buffer overflow</title>
<synopsis>LHa has a buffer overflow in its compression utility with
unspecified impact.
</synopsis>
<producttype="ebuild">lha</product>
<announced>2020-07-27</announced>
<revisedcount="1">2020-07-27</revised>
<bug>572418</bug>
<access>remote</access>
<affected>
<packagename="app-arch/lha"auto="yes"arch="*">
<unaffectedrange="ge">114i_p20201004</unaffected>
<vulnerablerange="lt">114i_p20201004</vulnerable>
</package>
</affected>
<background>
<p>LHa is a console-based program for packing and unpacking LHarc archives.</p>
</background>
<description>
<p>A buffer overflow in LHa’s compression code was discovered which can
be triggered by a crafted input file.
</p>
</description>
<impacttype="normal">
<p>A remote attacker could send a specially crafted file possibly resulting
in a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All LHa users should upgrade to the latest version:</p>