Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
Max CVSS
7.5
EPSS Score
14.39%
Published
2015-12-03
Updated
2017-07-01
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
Max CVSS
4.3
EPSS Score
0.32%
Published
2015-04-13
Updated
2017-01-03
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
Max CVSS
6.8
EPSS Score
9.04%
Published
2015-01-20
Updated
2017-09-08
3 vulnerabilities found