Published:2015/04/09  Last Updated:2015/04/09

Information from Schezo

Vulnerability ID:JVN#02527990
Title:Lhaplus vulnerable to directory traversal
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

Overview

Lhaplus Version 1.59 and earlier contain an flaw that allows a specially crafted archive file to be extracted to an unintended directory.

Solution

This flaw is addressed in Lhaplus version 1.70. Please update to version 1.70 or later.