rpm package
opensuse/dpkg&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/dpkg&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2219 | High | 7.5 | | < 1.22.22-1.1 | 1.22.22-1.1 | Mar 7, 2026 | It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU). |
| CVE-2025-6297 | — | | | < 1.22.21-1.1 | 1.22.21-1.1 | Jul 1, 2025 | It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given |
| CVE-2015-0840 | — | | | < 1.18.10-1.4 | 1.18.10-1.4 | Apr 13, 2015 | The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). |