{"id":"CVE-2014-9357","details":"Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.","aliases":["GHSA-997c-fj8j-rq5h","GO-2022-0640"],"modified":"2026-04-10T03:44:49.551700Z","published":"2014-12-16T18:59:15Z","related":["CGA-438w-f97c-c9v3","SUSE-SU-2025:03540-1","SUSE-SU-2025:03545-1","openSUSE-SU-2024:10532-1","openSUSE-SU-2025:15589-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/archive/1/534215/100/0/threaded"},{"type":"WEB","url":"https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ"}],"schema_version":"1.7.5"}