CVE-2012-4024

Name of the Vulnerable Software and Affected Versions Squashfs versions 4.2 and earlier

Description The issue is related to a stack-based buffer overflow in the get component function in unsquashfs.c. This can be exploited by remote attackers to execute arbitrary code via a crafted list file, which is used with the -ef option. Typically, the list file is constructed by the program's user and is trusted, but there are scenarios where such a file could be obtained from an untrusted remote source.

Recommendations For Squashfs versions 4.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.