Format String Vulnerabilities in DPKG by Debian
CVE-2014-8625

Currently unrated

Key Information:

Vendor: Debian
Status: Dpkg
Vendor: CVE Published:; 20 January 2015

Summary

Multiple format string vulnerabilities exist in the parse_error_msg function of the dpkg package manager. These vulnerabilities can be exploited by remote attackers who manipulate format string specifiers in package or architecture names. Successful exploitation may lead to a denial of service (causing a crash) and potential execution of arbitrary code, compromising system integrity and security.

References

http://seclists.org/oss-sec/2014/q4/551

mailing-listx_refsource_MLIST

https://exchange.xforce.ibmcloud.com/vulnerabilities/98551

vdb-entryx_refsource_XF

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Jan 20, 2015
Vulnerability Reserved
Nov 6, 2014