4 matches found
CVE-2020-16116
CVE-2020-16116 affects KDE Ark prior to version 20.08.0, where kerfuffle/jobs.cpp does not sanitize extraction paths, allowing a crafted archive to write outside the extraction directory via a ../ path traversal. The impact is potential writing of files outside the target directory, with follow-o...
CVE-2020-24654
KDE Ark (ark) before version 20.08.1 is vulnerable to a local privilege/fs access issue: a crafted TAR archive containing symlinks can cause files to be written outside the extraction directory, demonstrated by a write to a user’s home directory. Root cause is inadequate sanitization of extractio...
CVE-2011-2725
CVE-2011-2725 is a directory traversal vulnerability in Ark 4.7.x and earlier. A malicious zip file containing ".." sequences can cause remote attackers to delete or force the display of arbitrary files. Several advisories reference an Ark path traversal vulnerability (ARK) and cite the same CVE,...
CVE-2017-5330
CVE-2017-5330 (Ark) affects Ark, a graphical archive manager. The vulnerability arises when Ark handles executable files within archives; it could execute a malicious script if the file has the executable bit set and is opened, due to Ark not clearly indicating executables. This could allow arbit...