Search for packages
| purl | pkg:deb/debian/dpkg@1.17.12 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bace-jatv-aaac
Aliases: CVE-2015-0860 |
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-eenk-p5sk-aaac
Aliases: CVE-2015-0840 |
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). |
Affected by 3 other vulnerabilities. |
|
VCID-hy4s-c76f-aaak
Aliases: CVE-2022-1664 |
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-v1fh-mtmc-aaab
Aliases: CVE-2017-8283 |
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. |
Affected by 1 other vulnerability. |
|
VCID-v83g-rs1y-aaaq
Aliases: CVE-2014-8625 |
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T14:55:29.610928+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:42:24.827179+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:32:08.269138+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:16:42.002820+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:30:28.453825+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T09:36:02.840863+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.3 |
| 2025-06-21T01:19:01.535604+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | None | 36.1.3 |
| 2025-06-20T22:05:52.035834+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | None | 36.1.3 |
| 2025-06-20T21:28:45.008998+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | None | 36.1.3 |
| 2025-06-20T21:12:06.682169+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | None | 36.1.3 |
| 2025-06-20T19:50:15.795725+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | None | 36.1.3 |
| 2025-06-08T07:48:58.013604+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:36:37.668157+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:26:10.966458+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:11:20.789952+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:29:55.676020+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T03:24:38.970060+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.1.0 |
| 2025-06-07T18:41:47.455156+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | None | 36.1.0 |
| 2025-06-07T15:29:43.770051+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | None | 36.1.0 |
| 2025-06-07T14:51:24.990781+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | None | 36.1.0 |
| 2025-06-07T14:36:44.730517+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | None | 36.1.0 |
| 2025-06-07T13:41:45.921422+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | None | 36.1.0 |
| 2025-04-12T22:12:14.462245+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:08:11.925349+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:42:52.941269+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:43:07.585125+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:50:25.670223+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T06:21:24.565165+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:08:58.378293+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:58:29.540306+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:43:25.528545+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:01:11.826548+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T01:52:02.337719+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 36.0.0 |
| 2025-04-07T17:19:35.784537+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | None | 36.0.0 |
| 2025-04-07T14:00:48.185454+00:00 | Debian Oval Importer | Affected by | VCID-v83g-rs1y-aaaq | None | 36.0.0 |
| 2025-04-07T13:23:25.217597+00:00 | Debian Oval Importer | Affected by | VCID-v1fh-mtmc-aaab | None | 36.0.0 |
| 2025-04-07T13:08:52.937902+00:00 | Debian Oval Importer | Affected by | VCID-eenk-p5sk-aaac | None | 36.0.0 |
| 2025-04-07T12:17:04.452960+00:00 | Debian Oval Importer | Affected by | VCID-bace-jatv-aaac | None | 36.0.0 |