2 matches found
CVE-2022-4510
Binwalk (2.1.2b–2.3.3) is affected by a path traversal vulnerability in its PFS extractor that can lead to remote code execution via a crafted malicious PFS filesystem. The issue stems from unpfs.py in the binwalk source tree, allowing extraction to arbitrary locations and potentially loading a ma...
CVE-2021-4287
CVE-2021-4287 affects ReFirm Labs binwalk up to version 2.3.2. The issue is in src/binwalk/modules/extractor.py, in the Archive Extraction Handler, where manipulation leads to symlink following and enables a remote attack. A fix is available in binwalk 2.3.3, with patch name fa0c0bd59b858881475694...