Back to search
CVE-2012-4024
Published: Jul 19, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows
mailing-list
x_refsource_MLIST
83898
vdb-entry
x_refsource_OSVDB
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001
x_refsource_CONFIRM
54610
vdb-entry
x_refsource_BID
GLSA-201612-40
vendor-advisory
x_refsource_GENTOO
MDVSA-2013:128
vendor-advisory
x_refsource_MANDRIVA
squashfs-getcomponent-bo(77106)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now