Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 6 of 6 results


CVE-2021-41072

Medium priority
Fixed

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the...

1 affected packages

squashfs-tools

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squashfs-tools Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-40153

Medium priority
Fixed

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of...

1 affected packages

squashfs-tools

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squashfs-tools Fixed Fixed Fixed Fixed
Show less packages

CVE-2015-4646

Low priority
Ignored

(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.

1 affected packages

squashfs-tools

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squashfs-tools Not affected Not affected
Show less packages

CVE-2015-4645

Low priority
Ignored

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.

1 affected packages

squashfs-tools

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squashfs-tools Not affected Not affected
Show less packages

CVE-2012-4025

Low priority
Ignored

Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a...

1 affected packages

squashfs-tools

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squashfs-tools Not affected
Show less packages

CVE-2012-4024

Low priority
Ignored

Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option)....

1 affected packages

squashfs-tools

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
squashfs-tools Not affected
Show less packages