Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squashfs vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2012-4024
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and previous versions allows remote malicious users to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the...
Squashfs Project Squashfs
6.8
CVSSv2
CVE-2012-4025
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and previous versions allows remote malicious users to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
Squashfs Project Squashfs
5
CVSSv2
CVE-2015-4646
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote malicious users to cause a denial of service (application crash) via a crafted input.
Squashfs Project Squashfs
4.3
CVSSv2
CVE-2015-4645
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote malicious users to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.
Squashfs Project Squashfs
Fedoraproject Fedora 21
Fedoraproject Fedora 22
5.8
CVSSv2
CVE-2021-41072
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs ...
Squashfs-tools Project Squashfs-tools 4.5
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.8
CVSSv2
CVE-2021-40153
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing...
Squashfs-tools Project Squashfs-tools 4.5
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
NA
CVE-2023-40481
This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...
1 Github repository
4.9
CVSSv2
CVE-2006-5701
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.
Linux Linux Kernel 2.6.0
Linux Linux Kernel 2.6.10
Linux Linux Kernel 2.6.11.7
Linux Linux Kernel 2.6.11.8
Linux Linux Kernel 2.6.12.4
Linux Linux Kernel 2.6.12.5
Linux Linux Kernel 2.6.13.2
Linux Linux Kernel 2.6.13.3
Linux Linux Kernel 2.6.14.1
Linux Linux Kernel 2.6.14.2
Linux Linux Kernel 2.6.14.3
Linux Linux Kernel 2.6.15
Linux Linux Kernel 2.6.15.1
Linux Linux Kernel 2.6.16
Linux Linux Kernel 2.6.16.7
Linux Linux Kernel 2.6.16.9
Linux Linux Kernel 2.6.11
Linux Linux Kernel 2.6.11.11
Linux Linux Kernel 2.6.12.6
Linux Linux Kernel 2.6.12
Linux Linux Kernel 2.6.13.4
Linux Linux Kernel 2.6.13
1 EDB exploit
NA
CVE-2022-33967
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition ...
Denx U-boot 2021.04
Denx U-boot 2022.07
Denx U-boot 2022.01
Denx U-boot 2020.10
Denx U-boot 2021.01
Denx U-boot 2022.04
10
CVSSv2
CVE-2019-17509
D-Link DIR-846 devices with firmware 100A35 allow remote malicious users to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings...
Dlink Dir-846 Firmware 100a35
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »