Package(s):	unalz	CVE #(s):	CVE-2005-3862
Created:	January 30, 2006	Updated:	February 1, 2006
Description:	Ulf Härnhammer from the Debian Audit Project discovered that unalz, a decompressor for ALZ archives, performs insufficient bounds checking when parsing file names. This can lead to arbitrary code execution if an attacker provides a crafted ALZ archive.
Alerts:	Debian DSA-959-1 unalz 2006-01-30

---

to post comments