Squashfs Project Squashfs vulnerabilities
4 known vulnerabilities affecting squashfs_project/squashfs.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2015-4646 [HIGH] CVSS 7.5, CWE-20, ≤ 4.3, 2017-04-13
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.
nvd
CVE-2015-4645 [MEDIUM] CVSS 5.5, CWE-190, ≤ 4.3, 2017-03-17
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.
nvd
CVE-2012-4025 [MEDIUM] CVSS 6.8, CWE-190, ≤ 4.2, 2012-07-19
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
nvd
CVE-2012-4024 [MEDIUM] CVSS 6.8, CWE-787, ≤ 4.2, 2012-07-19
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some re
nvd