Vulnerability Spotlight: Lhasa Integer Underflow Exploit
Talos is disclosing the discovery of vulnerability TALOS-2016-0095 / CVE-2016-2347 in the Lhasa LZH/LHA decompression tool and library. This vulnerability is due to an integer underflow condition. The software verifies that header values are not too large, but does not check for a too small header length. Decompressing a LHA or LZH file containing an under-value header size leads to the decompression software allocating a pointer to point to released memory on the heap. An attacker controlling the length and content of such a file can use the vulnerability to overwrite the heap with arbitrary code.