Search CVE reports


Toggle filters

1 – 5 of 5 results


CVE-2020-36314

Medium priority
Fixed

fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain...

1 affected package

file-roller

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
file-roller Fixed Fixed Fixed
Show less packages

CVE-2020-11736

Medium priority
Fixed

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

1 affected package

file-roller

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
file-roller Fixed Fixed Fixed
Show less packages

CVE-2019-16680

Medium priority
Fixed

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

1 affected package

file-roller

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
file-roller Fixed Fixed
Show less packages

CVE-2016-7162

Medium priority
Fixed

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

1 affected package

file-roller

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
file-roller Fixed
Show less packages

CVE-2013-4668

Medium priority
Fixed

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly...

1 affected package

file-roller

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
file-roller
Show less packages