Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on
64-bit platforms, as used in ncompress and probably others, allows remote
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a crafted archive that uses LZW compression,
leading to an array index error.
Updated: 2015-10-17 03:34:04 UTC (commit 10086)