CVE-2014-9112

EPSS 1.3%

cpio - security update

Published: 12/2/2014Modified: 4/28/2026

Description

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.

Affected packages (3)

Debian/cpiofrom 0, < 2.11+dfsg-4
Debian/cpiofrom 0, < 2.11-4+deb6u1
Debian/cpiofrom 0, < 2.11+dfsg-0.1+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9112