CVE-2012-4024
EPSS 2.3%
Description
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
How to fix CVE-2012-4024
To remediate CVE-2012-4024, upgrade the affected package to a fixed version below.
- Debian/squashfs-tools—upgrade to 1:4.2+20121212-1 or later
Is CVE-2012-4024 being exploited?
Low — EPSS is 2.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:4.2+20121212-1