Search for vulnerabilities
Vulnerability details: VCID-v83g-rs1y-aaaq
Vulnerability ID VCID-v83g-rs1y-aaaq
Aliases CVE-2014-8625
Summary Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
Status Published
Exploitability 0.5
Weighted Severity 6.1
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-134 Use of Externally-Controlled Format String
System Score Found at
generic_textual Low http://openwall.com/lists/oss-security/2014/11/07/2
generic_textual Low http://openwall.com/lists/oss-security/2014/11/07/4
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8625.html
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.02462 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.04766 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05589 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05589 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05589 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05589 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05589 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05589 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05589 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05589 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05589 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05589 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05589 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05966 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05966 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05966 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
epss 0.05966 https://api.first.org/data/v1/epss?cve=CVE-2014-8625
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8625
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2014-8625
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html
http://openwall.com/lists/oss-security/2014/11/07/2
http://openwall.com/lists/oss-security/2014/11/07/4
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8625.html
https://api.first.org/data/v1/epss?cve=CVE-2014-8625
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485
https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8625
http://seclists.org/oss-sec/2014/q4/539
http://seclists.org/oss-sec/2014/q4/551
http://seclists.org/oss-sec/2014/q4/622
https://exchange.xforce.ibmcloud.com/vulnerabilities/98551
cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*
CVE-2014-8625 https://nvd.nist.gov/vuln/detail/CVE-2014-8625
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-8625
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.8382
EPSS Score 0.02462
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.