CVE-2012-4025

描述

Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.

受影響套件(1)

• Debian/squashfs-toolsfrom 0, < 1:4.2+20121212-1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-4025