0.011 Low
EPSS
Percentile
84.5%
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
launchpad.net/bugs/cve/CVE-2015-0557
nvd.nist.gov/vuln/detail/CVE-2015-0557
security-tracker.debian.org/tracker/CVE-2015-0557
www.cve.org/CVERecord?id=CVE-2015-0557