A local overflow exists in TUGZip. TUGZip fails to handle long filenames of ARJ archives, resulting in a stack overflow. With an ARJ archive with a specially crafted name, an attacker can cause execution of arbitrary code, resulting in a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. As a workaround, it is possible to avoid the flaw by not using TUGZip to open ARJ archives.