Your submission was sent successfully! Close

CVE-2012-4024

Published: 19 July 2012

Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.

Priority

Low

Status

Package Release Status
squashfs-tools
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
raring Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist
(trusty was not-affected [1:4.2+20121212-1])
upstream
Released (1:4.2+20121212-1)
utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Not vulnerable
(1:4.2+20121212-1)
yakkety Not vulnerable
(1:4.2+20121212-1)
zesty Not vulnerable
(1:4.2+20121212-1)