Debian Aide vulnerabilities

CVE-2025-54389 [MEDIUM] CVE-2025-54389: aide - AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, th... AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamper with the log output. A local user might exploit this to bypass the AI

CVE-2025-54409 [MEDIUM] CVE-2025-54409: aide - AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.... AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a loca

CVE-2021-45417 [HIGH] CVE-2021-45417: aide - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file... AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 0.17.4-1) bullseye: resolved (fixed in 0.17.3-4+deb11u1) forky: resolved (fixed in 0.17.4-1) sid: resolved (fixed in 0.17.4-1) trixie: resolved (fixe

CVE-2005-2096 [HIGH] CVE-2005-2096: aide - zlib 1.2 and later versions allows remote attackers to cause a denial of service... zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. Scope: local bookworm: resolved (fixed in 0.10-6.1.1) bullseye: resolved (fixed in 0.10-6.1.1) forky: resolved (