CVE-2014-0471

EPSS 0.24%

dpkg - security update

Published: 4/30/2014Modified: 4/28/2026

Description

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."

Affected packages (2)

Debian/dpkgfrom 0, < 1.17.8
Debian/dpkgfrom 0, < 1.15.9

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-0471