FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squashfs-tools -- Integer overflow

Affected packages
squashfs-tools < 4.4


VuXML ID 317487c6-85ca-11eb-80fa-14dae938ec40
Discovery 2017-03-17
Entry 2021-03-15

Phillip Lougher reports:

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.


CVE Name CVE-2015-4645