CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-4024

Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.023

EPSS Ranking 84.0%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2012-4024

Squashfs Project » Squashfs » Version: 1.3

cpe:2.3:a:squashfs_project:squashfs:1.3
Squashfs Project » Squashfs » Version: 2.0

cpe:2.3:a:squashfs_project:squashfs:2.0
Squashfs Project » Squashfs » Version: 2.1

cpe:2.3:a:squashfs_project:squashfs:2.1
Squashfs Project » Squashfs » Version: 2.2

cpe:2.3:a:squashfs_project:squashfs:2.2
Squashfs Project » Squashfs » Version: 3.0

cpe:2.3:a:squashfs_project:squashfs:3.0
Squashfs Project » Squashfs » Version: 3.1

cpe:2.3:a:squashfs_project:squashfs:3.1
Squashfs Project » Squashfs » Version: 3.2

cpe:2.3:a:squashfs_project:squashfs:3.2
Squashfs Project » Squashfs » Version: 3.3

cpe:2.3:a:squashfs_project:squashfs:3.3
Squashfs Project » Squashfs » Version: 3.4

cpe:2.3:a:squashfs_project:squashfs:3.4
Squashfs Project » Squashfs » Version: 4.0

cpe:2.3:a:squashfs_project:squashfs:4.0
Squashfs Project » Squashfs » Version: 4.1

cpe:2.3:a:squashfs_project:squashfs:4.1
Squashfs Project » Squashfs » Version: 4.2

cpe:2.3:a:squashfs_project:squashfs:4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-4024

Products

Pricing

Contact Us