Your submission was sent successfully! Close

CVE-2015-4646

Published: 13 April 2017

(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
squashfs-tools
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(1:4.3-3)
cosmic Not vulnerable
(1:4.3-3)
disco Not vulnerable
(1:4.3-3)
precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was needed)
upstream
Released (1:4.3-2)
utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Not vulnerable
(1:4.3-3)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)

Notes

AuthorNote
amurray
xenial got updated to 1:4.3-3ubuntu2.16.04.3 fixing this (LP: #1785499)

References

Bugs