VDB

GCVE-VVD-MAGEIA-2025-204

GCVE-VVD-MAGEIA-2025-204
Advisory Published
Vulnetix · Advisory published July 11, 2025
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiadpkg0 (affected), 1.22.21-1.mga9 (unaffected)

Aliases

CVE-2025-6297

Transitive aliases

VVD-CESS-2025-6297VVD-CISA-2025-6297AZL-64641EUVD-2025-19670BDU:2025-11256GHSA-w56q-6jw5-h5xf

References

Updated dpkg packages fix security vulnerabilities
advisory
Updated dpkg packages fix security vulnerabilities
issue
Updated dpkg packages fix security vulnerabilities
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›