vendor: unalz
by: Ulf Harnhammar
CVSS: 7.5 HIGH
Buffer Overflow
CWE: 119
Product Name: unalz
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:unalz_project:unalz
Platforms Tested:
2005
Buffer Overflow Vulnerability in ‘unalz’ Utility
The 'unalz' utility is prone to a buffer-overflow vulnerability. This issue is exposed when the application extracts an ALZ archive that contains a file with a long name. An attacker could exploit this vulnerability to execute arbitrary code in the context of the user who extracts a malicious archive.
Mitigation:
Update to a fixed version of the 'unalz' utility or avoid extracting ALZ archives from untrusted sources.