Published: 18/07/2013 Updated: 28/04/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Directory traversal vulnerability in File Roller 3.6.x prior to 3.6.4, 3.8.x prior to 3.8.3, and 3.9.x prior to 3.9.3, when libarchive is used, allows remote malicious users to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
file roller project file roller
canonical ubuntu linux 12.10
canonical ubuntu linux 13.04

File Roller could be made to create or overwrite files ...

Directory traversal vulnerability in File Roller 36x before 364, 38x before 383, and 39x before 393, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchivec and fr-windowc ...

CWE-22 http://www.ocert.org/advisories/ocert-2013-001.html http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631 http://secunia.com/advisories/54351 http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html http://www.ubuntu.com/usn/USN-1906-1 http://www.securityfocus.com/bid/61008 https://usn.ubuntu.com/1906-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-4668

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-4668

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect