VDB
CVE-2012-4024
CVE-2012-4024
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
EPSS 2.29% · 85.0th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
2.29%
85.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| squashfs_project | squashfs | 0 |
| n/a | n/a | n/a |
Timeline
- Jul 19, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 13, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- [oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows mailing-list
- 83898 vdb
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001 url
- http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel url
- 54610 vdb
- GLSA-201612-40 vendor-advisory
- MDVSA-2013:128 vendor-advisory
- squashfs-getcomponent-bo(77106) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2012-4024 advisory