The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 up to and including 3.20.2 allows remote malicious users to delete arbitrary files via a symlink attack on a folder in an archive.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 16.04 |
||
file roller project file roller 3.5.4 |
||
file roller project file roller 3.6.0 |
||
file roller project file roller 3.6.1 |
||
file roller project file roller 3.6.1.1 |
||
file roller project file roller 3.6.2 |
||
file roller project file roller 3.6.3 |
||
file roller project file roller 3.6.4 |
||
file roller project file roller 3.8.0 |
||
file roller project file roller 3.8.1 |
||
file roller project file roller 3.8.2 |
||
file roller project file roller 3.8.3 |
||
file roller project file roller 3.9.0 |
||
file roller project file roller 3.9.1 |
||
file roller project file roller 3.9.2 |
||
file roller project file roller 3.9.3 |
||
file roller project file roller 3.10 |
||
file roller project file roller 3.15 |
||
file roller project file roller 3.20 |
||
file roller project file roller 3.20.1 |
||
file roller project file roller 3.20.2 |