Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x prior to 1.16.17 and 1.17.x prior to 1.17.26 allows remote malicious users to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 15.10 |
||
canonical ubuntu linux 15.04 |
||
debian dpkg 1.16.0.3 |
||
debian dpkg 1.16.1 |
||
debian dpkg 1.16.4 |
||
debian dpkg 1.16.4.1 |
||
debian dpkg 1.16.9 |
||
debian dpkg 1.16.15 |
||
debian dpkg 1.17.6 |
||
debian dpkg 1.17.7 |
||
debian dpkg 1.17.15 |
||
debian dpkg 1.17.16 |
||
debian dpkg 1.17.23 |
||
debian dpkg 1.17.24 |
||
debian dpkg 1.16.1.1 |
||
debian dpkg 1.16.1.2 |
||
debian dpkg 1.16.4.2 |
||
debian dpkg 1.16.4.3 |
||
debian dpkg 1.17.0 |
||
debian dpkg 1.17.1 |
||
debian dpkg 1.17.8 |
||
debian dpkg 1.17.9 |
||
debian dpkg 1.17.10 |
||
debian dpkg 1.17.17 |
||
debian dpkg 1.17.18 |
||
debian dpkg 1.17.25 |
||
debian dpkg 1.16.0.1 |
||
debian dpkg 1.16.0.2 |
||
debian dpkg 1.16.2 |
||
debian dpkg 1.16.3 |
||
debian dpkg 1.16.7 |
||
debian dpkg 1.16.8 |
||
debian dpkg 1.17.4 |
||
debian dpkg 1.17.5 |
||
debian dpkg 1.17.13 |
||
debian dpkg 1.17.14 |
||
debian dpkg 1.17.21 |
||
debian dpkg 1.17.22 |
||
debian dpkg 1.16.0 |
||
debian dpkg 1.16.10 |
||
debian dpkg 1.16.11 |
||
debian dpkg 1.16.12 |
||
debian dpkg 1.16.5 |
||
debian dpkg 1.16.6 |
||
debian dpkg 1.17.2 |
||
debian dpkg 1.17.3 |
||
debian dpkg 1.17.11 |
||
debian dpkg 1.17.12 |
||
debian dpkg 1.17.19 |
||
debian dpkg 1.17.20 |
Vulmon