Security Advisory

CVE-2012-4024

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-07-19 19:00:00
Last updated 2024-08-06 20:21:04
Assigner mitre
State PUBLISHED

Description

Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the programs user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.