Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-8625

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.

Related bugs and status

CVE-2014-8625 (Candidate) is related to these bugs:

Bug #1389135: dpkg / dpkg-deb segfault -- possible format string bug/vuln?

Summary				In	Importance	Status
	1389135	dpkg / dpkg-deb segfault -- possible format string bug/vuln?		dpkg (Ubuntu)	Low	Fix Released
	1389135	dpkg / dpkg-deb segfault -- possible format string bug/vuln?		dpkg (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014110...
MLIST: [oss-security] 2014110...
MLIST: [oss-security] 2014110...
CONFIRM: https://bugs.debian.or...
CONFIRM: https://bugs.launchpad...
FEDORA: FEDORA-2015-6974
XF: dpkg-format-sting(98551)