Sebas Sujeen

**Name of the Vulnerable Software and Affected Versions** Squashfs versions 4.2 and earlier **Description** The issue is related to a stack-based buffer overflow in the get component function in unsquashfs.c. This can be exploited by remote attackers to execute arbitrary code via a crafted list file, which is used with the -ef option. Typically, the list file is constructed by the program's user and is trusted, but there are scenarios where such a file could be obtained from an untrusted remote source. **Recommendations** For Squashfs versions 4.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Squashfs versions 4.2 and earlier **Description** The issue is related to an integer overflow in the queue init function in unsquashfs.c, which can be exploited by remote attackers via a crafted block log field in the superblock of a .sqsh file. This leads to a heap-based buffer overflow, potentially allowing the execution of arbitrary code. **Recommendations** For Squashfs versions 4.2 and earlier, update to a version later than 4.2 to resolve the issue.