{"id":"UBUNTU-CVE-2015-1191","details":"Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.","modified":"2025-07-18T16:43:09Z","published":"2015-01-21T18:59:00Z","upstream":["CVE-2015-1191"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1191"},{"type":"REPORT","url":"https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-1191"}],"affected":[{"package":{"name":"pigz","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/pigz@2.3-2ubuntu0.1~esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3-2ubuntu0.1~esm1"}]}],"versions":["2.2.4-3","2.3-2"],"ecosystem_specific":{"binaries":[{"binary_name":"pigz","binary_version":"2.3-2ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-1191.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}