CVE-2026-2219

ADVISORY - ubuntu

Summary

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).

EPSS Score⁠: 0.00019 (0.053)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-835⁠

Loop with Unreachable Exit Condition ('Infinite Loop')

Impacted images

Advisories

Ubuntu

CREATED

3 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2026-2219⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
ubuntu/dpkg	deb	ubuntu	24.04	>=0	Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

3 months ago

UPDATED

5 days ago

ADVISORY IDCVE-2026-2219⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-835⁠

CVSS SCORE

7.5high

Alpine

CREATED

2 months ago

UPDATED

5 days ago

ADVISORY IDCVE-2026-2219⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

3 months ago

UPDATED

22 days ago

ADVISORY IDCVE-2026-2219⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow