VYPR
Vendor

dpkg

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2025-6297HigJul 1, 2025
    risk 0.53cvss 8.2epss 0.00

    It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given…

  • CVE-2026-2219HigMar 7, 2026
    risk 0.49cvss 7.5epss 0.00

    It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).

  • CVE-2010-1679Jan 11, 2011
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.

  • CVE-2004-2768Jun 8, 2010
    risk 0.00cvss epss 0.00

    dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to…