7.5

Debian Package Manager Fails to Properly Uncompress Files

CVE-2026-2219
Summary

A bug in dpkg-deb, a component of the Debian package manager (dpkg), can cause it to freeze or crash when handling certain zstd-compressed .deb archives, potentially leaving your system unusable. This issue affects Debian package installations and updates. To avoid issues, update your package manager to the latest version or use a different compression method for package files.

Original title
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, ...
Original description
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).
Vulnerability type
CWE-835
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026