VulnerableCode Package Details - pkg:deb/debian/libzstd@1.4.8%2Bdfsg-2.1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
VCID-vsrg-uyjf-6ycj Aliases: CVE-2022-4899 GHSA-5c9c-6x87-f9vm PYSEC-2023-121	zstd vulnerable to buffer overrun A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.	1.5.4+dfsg2-1 Affected by 0 other vulnerabilities. 1.5.4+dfsg2-5 Affected by 0 other vulnerabilities. 1.5.7+dfsg-1 Affected by 0 other vulnerabilities. 1.5.7+dfsg-3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-vsrg-uyjf-6ycj
Aliases:
CVE-2022-4899
GHSA-5c9c-6x87-f9vm
PYSEC-2023-121

zstd vulnerable to buffer overrun A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

1.5.4+dfsg2-1
Affected by 0 other vulnerabilities.

1.5.4+dfsg2-5
Affected by 0 other vulnerabilities.

1.5.7+dfsg-1
Affected by 0 other vulnerabilities.

1.5.7+dfsg-3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5gmn-3j8n-ubbs	zstd: Race condition allows attacker to access world-readable destination file	CVE-2021-24032
VCID-d8vr-arx7-kygz	zstd: adds read permissions to files while being compressed or uncompressed	CVE-2021-24031
VCID-e9jr-kmds-afbr	zstd: race condition in one-pass compression functions that could allow out of bounds write	CVE-2019-11922

Vulnerability

Summary

Aliases

VCID-5gmn-3j8n-ubbs

zstd: Race condition allows attacker to access world-readable destination file

CVE-2021-24032

VCID-d8vr-arx7-kygz

zstd: adds read permissions to files while being compressed or uncompressed

CVE-2021-24031

VCID-e9jr-kmds-afbr

zstd: race condition in one-pass compression functions that could allow out of bounds write

CVE-2019-11922

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:07:11.517864+00:00	Debian Importer	Fixing	VCID-e9jr-kmds-afbr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:57:29.436060+00:00	Debian Importer	Fixing	VCID-5gmn-3j8n-ubbs	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:49:10.131655+00:00	Debian Importer	Fixing	VCID-d8vr-arx7-kygz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:01:20.054154+00:00	Debian Importer	Fixing	VCID-e9jr-kmds-afbr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:54:02.765454+00:00	Debian Importer	Fixing	VCID-5gmn-3j8n-ubbs	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:33:40.376992+00:00	Debian Importer	Fixing	VCID-d8vr-arx7-kygz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:30:16.600878+00:00	Debian Importer	Affected by	VCID-vsrg-uyjf-6ycj	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:16.571282+00:00	Debian Importer	Fixing	VCID-5gmn-3j8n-ubbs	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:16.521474+00:00	Debian Importer	Fixing	VCID-d8vr-arx7-kygz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:16.472782+00:00	Debian Importer	Fixing	VCID-e9jr-kmds-afbr	https://security-tracker.debian.org/tracker/data/json	38.1.0