Tuomas Räsänen discovered two vulnerabilities in unADF, a tool to extract files from an Amiga Disk File dump : CVE-2016-1243 A stack buffer overflow in the function extractTree might allow an attacker, with control on the content of a ADF file, to execute arbitrary code with the privileges of the program execution. CVE-2016-1244 The unADF extractor creates the path in the destination via a mkdir in a system call. Since there was no sanitization on the input of the filenames, an attacker can directly inject code in the pathnames of archived directories in an ADF file.