Vulnerability Details CVE-2026-2219
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.3%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-2219
- cpe:2.3:a:debian:dpkg:1.21.18
- cpe:2.3:a:debian:dpkg:1.21.19
- cpe:2.3:a:debian:dpkg:1.21.20
- cpe:2.3:a:debian:dpkg:1.21.21
- cpe:2.3:a:debian:dpkg:1.21.22
- cpe:2.3:a:debian:dpkg:1.22.0
- cpe:2.3:a:debian:dpkg:1.22.1
- cpe:2.3:a:debian:dpkg:1.22.10
- cpe:2.3:a:debian:dpkg:1.22.11
- cpe:2.3:a:debian:dpkg:1.22.12
- cpe:2.3:a:debian:dpkg:1.22.13
- cpe:2.3:a:debian:dpkg:1.22.14
- cpe:2.3:a:debian:dpkg:1.22.15
- cpe:2.3:a:debian:dpkg:1.22.16
- cpe:2.3:a:debian:dpkg:1.22.17
- cpe:2.3:a:debian:dpkg:1.22.18
- cpe:2.3:a:debian:dpkg:1.22.19
- cpe:2.3:a:debian:dpkg:1.22.2
- cpe:2.3:a:debian:dpkg:1.22.20
- cpe:2.3:a:debian:dpkg:1.22.21
- cpe:2.3:a:debian:dpkg:1.22.3
- cpe:2.3:a:debian:dpkg:1.22.4
- cpe:2.3:a:debian:dpkg:1.22.5
- cpe:2.3:a:debian:dpkg:1.22.6
- cpe:2.3:a:debian:dpkg:1.22.7
- cpe:2.3:a:debian:dpkg:1.22.8
- cpe:2.3:a:debian:dpkg:1.22.9
- cpe:2.3:a:debian:dpkg:1.23.0
- cpe:2.3:a:debian:dpkg:1.23.1
- cpe:2.3:a:debian:dpkg:1.23.2
- cpe:2.3:a:debian:dpkg:1.23.3
- cpe:2.3:a:debian:dpkg:1.23.4
- cpe:2.3:a:debian:dpkg:1.23.5