VulnerableCode Package Details - pkg:deb/debian/dpkg@1.17.12

Search for packages

Vulnerability	Summary	Fixed by
VCID-e1fu-mzvj-xydx Aliases: CVE-2017-8283	dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.	1.18.24 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-strx-c9sj-9bbb Aliases: CVE-2015-0860	A vulnerability was discovered in dpkg which could potentially lead to arbitrary code execution.	1.17.27 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.18.24 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-umm6-cgs8-pyg3 Aliases: CVE-2014-8625	Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.	1.17.25 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xxdx-hfvz-tfaf Aliases: CVE-2022-1664	A vulnerability has been discovered in dpkg, which allows for directory traversal.	1.19.8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.20.13 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-zypq-un6n-eugq Aliases: CVE-2015-0840	security update	1.17.25 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-e1fu-mzvj-xydx
Aliases:
CVE-2017-8283

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

1.18.24
Affected by 1 other vulnerability.

VCID-strx-c9sj-9bbb
Aliases:
CVE-2015-0860

A vulnerability was discovered in dpkg which could potentially lead to arbitrary code execution.

1.17.27
Affected by 3 other vulnerabilities.

1.18.24
Affected by 1 other vulnerability.

VCID-umm6-cgs8-pyg3
Aliases:
CVE-2014-8625

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.

1.17.25
Affected by 3 other vulnerabilities.

VCID-xxdx-hfvz-tfaf
Aliases:
CVE-2022-1664

A vulnerability has been discovered in dpkg, which allows for directory traversal.

1.19.8
Affected by 1 other vulnerability.

1.20.13
Affected by 1 other vulnerability.

VCID-zypq-un6n-eugq
Aliases:
CVE-2015-0840

security update

1.17.25
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T00:25:25.801134+00:00	Debian Oval Importer	Affected by	VCID-zypq-un6n-eugq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-16T00:19:15.094858+00:00	Debian Oval Importer	Affected by	VCID-xxdx-hfvz-tfaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:38:58.824307+00:00	Debian Oval Importer	Affected by	VCID-umm6-cgs8-pyg3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T22:04:08.632923+00:00	Debian Oval Importer	Affected by	VCID-strx-c9sj-9bbb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:42:38.765948+00:00	Debian Oval Importer	Affected by	VCID-e1fu-mzvj-xydx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T14:59:54.528736+00:00	Debian Oval Importer	Affected by	VCID-xxdx-hfvz-tfaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-15T13:27:46.018133+00:00	Debian Oval Importer	Affected by	VCID-strx-c9sj-9bbb	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-11T23:58:53.705366+00:00	Debian Oval Importer	Affected by	VCID-zypq-un6n-eugq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:52:52.913028+00:00	Debian Oval Importer	Affected by	VCID-xxdx-hfvz-tfaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:13:51.444373+00:00	Debian Oval Importer	Affected by	VCID-umm6-cgs8-pyg3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:42:12.897357+00:00	Debian Oval Importer	Affected by	VCID-strx-c9sj-9bbb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:23:41.133003+00:00	Debian Oval Importer	Affected by	VCID-e1fu-mzvj-xydx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:48:10.012084+00:00	Debian Oval Importer	Affected by	VCID-xxdx-hfvz-tfaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-11T13:16:28.406089+00:00	Debian Oval Importer	Affected by	VCID-strx-c9sj-9bbb	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-08T23:30:30.063494+00:00	Debian Oval Importer	Affected by	VCID-zypq-un6n-eugq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T23:24:48.394484+00:00	Debian Oval Importer	Affected by	VCID-xxdx-hfvz-tfaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:47:25.661098+00:00	Debian Oval Importer	Affected by	VCID-umm6-cgs8-pyg3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:20:06.094428+00:00	Debian Oval Importer	Affected by	VCID-strx-c9sj-9bbb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:04:17.183690+00:00	Debian Oval Importer	Affected by	VCID-e1fu-mzvj-xydx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T23:20:55.189649+00:00	Debian Oval Importer	Affected by	VCID-xxdx-hfvz-tfaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0
2026-04-07T21:52:25.609298+00:00	Debian Oval Importer	Affected by	VCID-strx-c9sj-9bbb	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0