
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Jan 2017 — (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input. Multiple vulnerabilities have been discovered in SQUASHFS, the worst of which may allo... • http://seclists.org/oss-sec/2015/q2/756 • CWE-20: Improper Input Validation

CVSS: 5.5 • EPSS: 1% • CPEs: 3 • EXPL: 0

30 Jan 2017 — Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162171.html • CWE-190: Integer Overflow or Wraparound

CVSS: 9.8 • EPSS: 7% • CPEs: 1 • EXPL: 0

19 Jul 2012 — Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow. • http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel • CWE-190: Integer Overflow or Wraparound

CVSS: 7.8 • EPSS: 4% • CPEs: 1 • EXPL: 0

19 Jul 2012 — Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source. • http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel • CWE-787: Out-of-bounds Write