CVE-2020-24654

🗓️ 02 Sep 2020 16:22:10Reported by mitreType

KDE Ark before 20.08.1 allows installation of files outside extraction directory via crafted TAR archive with symlinks.

Reporter	Title	Published	Views	Family All 51
FreeBSD	ark -- extraction outside of extraction directory	27 Aug 202000:00	–	freebsd
AlpineLinux	CVE-2020-24654	2 Sep 202016:22	–	alpinelinux
ArchLinux	[ASA-202009-2] ark: arbitrary filesystem access	3 Sep 202000:00	–	archlinux
BDU FSTEC	The vulnerability in the `emitEntryFromArchiveEntry` function in the `libarchiveplugin.cpp` of the Ark archiver, related to incorrect definition of references before accessing the file, allows a attacker to compromise data integrity.	30 Mar 202100:00	–	bdu_fstec
Cvelist	CVE-2020-24654	2 Sep 202016:22	–	cvelist
Debian	[SECURITY] [DLA 3015-1] ark security update	20 May 202212:06	–	debian
Debian	[SECURITY] [DSA 4759-1] ark security update	4 Sep 202019:14	–	debian
Debian	[SECURITY] [DSA 4759-1] ark security update	4 Sep 202019:14	–	debian
Debian CVE	CVE-2020-24654	2 Sep 202016:22	–	debiancve
Tenable Nessus	Debian DLA-3015-1 : ark - LTS security update	23 May 202200:00	–	nessus

NVD

Node

kde arkRange<20.08.1

Node

Node

Node

Source	Link
kde	www.kde.org/info/security/advisory-20200827-1.txt
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJOZ6YRNPZX5MJGVBMOCOA7N6Z4EU2OK/
lists	www.lists.debian.org/debian-lts-announce/2022/05/msg00026.html
debian	www.debian.org/security/2020/dsa-4759
security	www.security.gentoo.org/glsa/202010-06
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXMMXNJDYOCJRZTESIUGHG6CS4RJKECX/
bugzilla	www.bugzilla.suse.com/show_bug.cgi
security	www.security.gentoo.org/glsa/202101-06
usn	www.usn.ubuntu.com/4482-1/
github	www.github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd

17 Jun 2026 03:05Current

3.5Low risk

Vulners AI Score3.5

CVSS 3.13.3

CVSS 24.3

EPSS0.01496