4 matches found
CVE-2015-4645
CVE-2015-4645 affects squashfs-tools; the vulnerability is an integer overflow in read_fragment_table_4 (unsquash-4.c) in SquashFS/Sasquatch, enabling a crafted input to trigger a stack-based buffer overflow and cause a denial of service. Affected package: squashfs-tools. Remediation: upgrade to ...
CVE-2015-4646
CVE-2015-4646 affects Squashfs-tools (unsquash-1.c/unsquash-2.c/unsquash-3.c/unsquash-4.c). A crafted input can cause a denial of service (application crash) via the unsquash process. Public advisories and vendor notifications reference multiple affected releases (e.g., Squashfs-tools in various ...
CVE-2012-4025
CVE-2012-4025 affects Squashfs-tools (squashfs) up to version 4.2. The issue is an integer overflow in queue_init() inside unsquashfs.c, which can allow a remote attacker to cause a heap-based buffer overflow by supplying a crafted block_log in the superblock of a .sqsh file, enabling arbitrary c...
CVE-2012-4024
CVE-2012-4024 concerns a stack-based buffer overflow in the get_component function of unsquashfs.c in Squashfs tooling (unsquashfs) up to version 4.2. Exploitation via a crafted list file for the -ef option could allow remote arbitrary code execution. Connected advisories confirm the flaw affects...