Releases417
Frequency3 weeks 3 days
Last Release
Stars143
File archiver by KDE
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| — | 5 MEDIUM | — | ||
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive. | ||||
| < 20.08.1 | 3.3 LOW | 4.3 MEDIUM | ||
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | ||||
| < 20.08.0 | 3.3 LOW | 4.3 MEDIUM | ||
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | ||||
| <= 16.12 | — | 6.8 MEDIUM | ||
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | ||||
| <= 2.17 | — | 6.8 MEDIUM | ||
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file. | ||||