lhaplus 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには バッファオーバーフロー and パス処理の欠陥 があり、vendor surface software deployment and vendor surface production workloads の利用場面で アプリケーションクラッシュ、vendor impact memory corruption, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2015-0907 | Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive. | [email protected] | 6.8 | 3.34% | 2015-04-15 | 2026-05-06 |
| CVE-2015-0906 | Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. | [email protected] | 5.8 | 0.48% | 2015-04-15 | 2026-05-06 |
| CVE-2010-3158 | Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | [email protected] | 6.9 | 0.05% | 2010-10-19 | 2026-04-29 |
| CVE-2010-2368 | Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | [email protected] | 6.9 | 0.05% | 2010-10-18 | 2026-04-29 |
| CVE-2008-2021 | Heap-based buffer overflow in Lhaplus before 1.57 allows remote attackers to execute arbitrary code via a long comment field in a ZOO archive. | [email protected] | 7.5 | 4.67% | 2008-04-30 | 2026-04-23 |
| CVE-2007-6175 | Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048. | [email protected] | 6.6 | 5.28% | 2007-11-30 | 2026-04-23 |
| CVE-2007-5048 | Heap-based buffer overflow in Lhaplus before 1.55 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive. | [email protected] | 7.5 | 6.53% | 2007-09-24 | 2026-04-23 |
| CVE-2006-4033 | Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize. | [email protected] | 5.1 | 7.71% | 2006-08-09 | 2026-04-16 |