Your submission was sent successfully! Close

CVE-2014-8625

Published: 20 January 2015

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.

Priority

Low

Status

Package Release Status
dpkg
Launchpad, Ubuntu, Debian
artful Not vulnerable
(1.17.24ubuntu1)
bionic Not vulnerable
(1.17.24ubuntu1)
cosmic Not vulnerable
(1.17.24ubuntu1)
disco Not vulnerable
(1.17.24ubuntu1)
eoan Not vulnerable
(1.17.24ubuntu1)
focal Not vulnerable
(1.17.24ubuntu1)
groovy Not vulnerable
(1.17.24ubuntu1)
hirsute Not vulnerable
(1.17.24ubuntu1)
impish Not vulnerable
(1.17.24ubuntu1)
jammy Not vulnerable
(1.17.24ubuntu1)
lucid Ignored
(reached end-of-life)
precise Ignored
(end of ESM support, was needed)
trusty Needed

upstream
Released (1.17.22)
utopic Ignored
(reached end-of-life)
vivid Not vulnerable
(1.17.24ubuntu1)
wily Not vulnerable
(1.17.24ubuntu1)
xenial Not vulnerable
(1.17.24ubuntu1)
yakkety Not vulnerable
(1.17.24ubuntu1)
zesty Not vulnerable
(1.17.24ubuntu1)