Releases417
Frequency3 weeks 3 days
Last Release
Stars143
File archiver by KDE

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
5 MEDIUM

libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.

< 20.08.13.3 LOW4.3 MEDIUM

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

< 20.08.03.3 LOW4.3 MEDIUM

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

<= 16.126.8 MEDIUM

ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.

<= 2.176.8 MEDIUM

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.