VDB
CVE-2012-4025
CVE-2012-4025
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
EPSS 2.35% · 85.2th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
2.35%
85.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| squashfs_project | squashfs | 0 |
Timeline
- Jul 19, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- [oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows mailing-list
- 83899 vdb
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001 url
- http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel url
- 54610 vdb
- GLSA-201612-40 vendor-advisory
- MDVSA-2013:128 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2012-4025 advisory