{"id":"DEBIAN-CVE-2012-4024","details":"Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option).  NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.","modified":"2026-04-28T20:08:00.458461Z","published":"2012-07-19T19:55:02.063Z","upstream":["CVE-2012-4024"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2012-4024"}],"affected":[{"package":{"name":"squashfs-tools","ecosystem":"Debian:11","purl":"pkg:deb/debian/squashfs-tools?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.2+20121212-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4024.json"}},{"package":{"name":"squashfs-tools","ecosystem":"Debian:12","purl":"pkg:deb/debian/squashfs-tools?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.2+20121212-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4024.json"}},{"package":{"name":"squashfs-tools","ecosystem":"Debian:13","purl":"pkg:deb/debian/squashfs-tools?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.2+20121212-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4024.json"}},{"package":{"name":"squashfs-tools","ecosystem":"Debian:14","purl":"pkg:deb/debian/squashfs-tools?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.2+20121212-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4024.json"}}],"schema_version":"1.7.5"}