suse · CVE-2012-4025

Quick triage

Priority: medium Published: 2021-05-30 13:05:40 UTC Updated: 2026-04-18 19:09:24 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2012-4025 severity moderate: SUSE including 10 source package names (squashfs-4.3-1.15, squashfs-4.3-1.29, …), 24 product×package rows across 24 product lines (SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Desktop 12 SP1, … (24 product lines)): Fixed 24.

Description:

Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.

cvelogic Threat Intelligence