In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
Max CVSS
4.3
EPSS Score
0.25%
Published
2020-09-02
Updated
2022-09-12
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
Max CVSS
4.3
EPSS Score
0.13%
Published
2020-08-03
Updated
2022-09-12
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
Max CVSS
7.8
EPSS Score
1.65%
Published
2017-03-27
Updated
2017-03-31
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
Max CVSS
6.8
EPSS Score
0.64%
Published
2014-02-04
Updated
2018-10-30
4 vulnerabilities found