FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squashfs-tools -- Integer overflow

Affected packages
squashfs-tools < 4.4

Details

VuXML ID 317487c6-85ca-11eb-80fa-14dae938ec40
Discovery 2017-03-17
Entry 2021-03-15

Phillip Lougher reports:

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.

[source]

References

CVE Name CVE-2015-4645
URL https://nvd.nist.gov/vuln/detail/CVE-2015-4645

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.