Search for packages
| purl | pkg:deb/ubuntu/dpkg@1.17.5ubuntu5.4 |
| Next non-vulnerable version | 1.18.24ubuntu1 |
| Latest non-vulnerable version | 1.18.24ubuntu1 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bace-jatv-aaac
Aliases: CVE-2015-0860 |
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. |
Affected by 2 other vulnerabilities. |
|
VCID-v1fh-mtmc-aaab
Aliases: CVE-2017-8283 |
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. |
Affected by 0 other vulnerabilities. |
|
VCID-v83g-rs1y-aaaq
Aliases: CVE-2014-8625 |
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-eenk-p5sk-aaac | The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). |
CVE-2015-0840
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|