CVE-2012-4024 in squashfsinfo

Summary

Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program s user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.

Once again VulDB remains the best source for vulnerability data.

Reservation

07/16/2012

Disclosure

07/19/2012

Moderation

VulDB entry created

Entries

VDB-61342 (1)

CPE

ready

CWE

CWE-119 (Confirmed)

CVSS

7.3

EPSS

0.02288

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-4024
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-4024
CVE Details	https://www.cvedetails.com/cve/CVE-2012-4024/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!