Your submission was sent successfully! Close

CVE-2012-4025

Published: 19 July 2012

Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.

Priority

Low

Status

Package Release Status
squashfs-tools
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
raring Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist
(trusty was not-affected [1:4.2+20121212-1])
upstream
Released (1:4.2+20121212-1)
utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Not vulnerable
(1:4.2+20121212-1)
yakkety Not vulnerable
(1:4.2+20121212-1)
zesty Not vulnerable
(1:4.2+20121212-1)