Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive.