2 matches found
CVE-2024-25711
CVE-2024-25711 affects diffoscope before 256. The vulnerability arises from trusting the gpg --use-embedded-filenames option, enabling directory traversal via an embedded filename in a GPG file. Exploitation would disclose contents of arbitrary files (e.g., ../.ssh/id_rsa). Impact is information ...
CVE-2017-0359
Diffoscope is vulnerable to arbitrary file overwrite: versions before 77-1 may write to arbitrary locations on disk based on untrusted archive contents. Upstream fix shipped in 77; advisories (Arch Linux ASA-201702-14, Fedora updates, Debian/CVE records) note upgrade to 77-1 or newer to mitigate....