Heap-based buffer overflow in Lhaplus before 1.55 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.
https://exchange.xforce.ibmcloud.com/vulnerabilities/36718
http://www7a.biglobe.ne.jp/~schezo/arj_vul.html
http://www.securityfocus.com/bid/25754