A flaw was found in Squashfs-tools, where it is vulnerable to attacks similar to zip-slip. During extraction, a file can escape the destination directory either via the ‘…/’ string to access the parent directory or via symlinks. This flaw allows a specially crafted squashfs archive to install or overwrite files outside of the destination directory.