Candidate: CVE-2012-4024
PublicDate: 2012-07-19 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4024
 http://www.openwall.com/lists/oss-security/2012/07/19/6
 http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel
Description:
 Stack-based buffer overflow in the get_component function in unsquashfs.c
 in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to
 execute arbitrary code via a crafted list file (aka a crafted file for the
 -ef option). NOTE: probably in most cases, the list file is a trusted file
 constructed by the program's user; however, there are some realistic
 situations in which a list file would be obtained from an untrusted remote
 source.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Sebas Sujeen
Assigned-to:
CVSS:

Patches_squashfs-tools:
 upstream: https://sourceforge.net/p/squashfs/code/ci/19c38fba0be1ce949ab44310d7f49887576cc123/
upstream_squashfs-tools: released (1:4.2+20121212-1)
hardy_squashfs-tools: DNE
lucid_squashfs-tools: ignored (reached end-of-life)
natty_squashfs-tools: ignored (reached end-of-life)
oneiric_squashfs-tools: ignored (reached end-of-life)
precise_squashfs-tools: ignored (reached end-of-life)
precise/esm_squashfs-tools: DNE (precise was needed)
quantal_squashfs-tools: ignored (reached end-of-life)
raring_squashfs-tools: ignored (reached end-of-life)
saucy_squashfs-tools: ignored (reached end-of-life)
trusty_squashfs-tools: not-affected (1:4.2+20121212-1)
trusty/esm_squashfs-tools: DNE (trusty was not-affected [1:4.2+20121212-1])
utopic_squashfs-tools: ignored (reached end-of-life)
vivid_squashfs-tools: ignored (reached end-of-life)
vivid/stable-phone-overlay_squashfs-tools: DNE
vivid/ubuntu-core_squashfs-tools: not-affected (1:4.2+20121212-1)
wily_squashfs-tools: ignored (reached end-of-life)
xenial_squashfs-tools: not-affected (1:4.2+20121212-1)
esm-infra/xenial_squashfs-tools: not-affected (1:4.2+20121212-1)
yakkety_squashfs-tools: not-affected (1:4.2+20121212-1)
zesty_squashfs-tools: not-affected (1:4.2+20121212-1)
devel_squashfs-tools: not-affected (1:4.2+20121212-1)