Lucene search

K
osvGoogleOSV:USN-5078-3
HistoryOct 13, 2021 - 12:59 a.m.

squashfs-tools vulnerability

2021-10-1300:59:27
Google
osv.dev
9
squashfs-tools
vulnerability
mishandling

AI Score

6.7

Confidence

Low

EPSS

0.005

Percentile

76.3%

USN-5078-1 fixed a vulnerability in Squashfs-Tools. That update was
incomplete and could still result in Squashfs-Tools mishandling certain
malformed SQUASHFS files. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Richard Weinberger discovered that Squashfs-Tools mishandled certain
malformed SQUASHFS files. An attacker could use this vulnerability to
write arbitrary files to the filesystem.