Every CVE whose affected-product data names Debian Dpkg, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2022-1664 — CVSS 9.8 (critical): Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a…
CVE-2017-8283 — CVSS 9.8 (critical): dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for…
CVE-2025-6297 — CVSS 8.2 (high): It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary…
CVE-2015-0860 — CVSS 7.5 (high): Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and…
CVE-2026-2219 — CVSS 7.5 (high): It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data…
CVE-2004-2768 — CVSS 7.2 (high): dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local…
CVE-2014-3127 — CVSS 7.1 (high): dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch…
CVE-2011-0402 — CVSS 6.8 (medium): dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on…
CVE-2014-8625 — CVSS 6.8 (medium): Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to…
CVE-2010-1679 — CVSS 6.8 (medium): Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify…
CVE-2014-3227 — CVSS 6.4 (medium): dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded…
CVE-2010-0396 — CVSS 5.8 (medium): Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via…
CVE-2014-0471 — CVSS 5.0 (medium): Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8…
CVE-2015-0840 — CVSS 4.3 (medium): The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification…