Download
| Alert*
oval:org.secpod.oval:def:67074
ark: archive utility Ark could be made to write files as your login if it opened a specially crafted file. oval:org.secpod.oval:def:66733 Dominik Penner discovered that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives writing outside the extraction directory. oval:org.secpod.oval:def:118582 Ark is a program for managing various archive formats. Archives can be viewed, extracted, created and modified from within Ark. The program can handle various formats such as tar, gzip, bzip2, zip, rar and lha . oval:org.secpod.oval:def:1801747 In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. oval:org.secpod.oval:def:604979 Dominik Penner discovered that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives writing outside the extraction directory. oval:org.secpod.oval:def:705582 ark: archive utility Ark could be made to write files as your login if it opened a specially crafted file. |