CVE-2013-4668

File Roller <3.6.4, <3.8.3, <3.9.3 - Path Traversal

Description

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.

References (7)

Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1906-1
Broken Link vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html
Third Party Advisory x_refsource_misc
http://www.ocert.org/advisories/ocert-2013-001.html
Not Applicable, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54351
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/61008
Broken Link mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html

Scores

EPSS 0.0431
EPSS Percentile 90.0%

Details

CWE CWE-22
Status published
Products (3)
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.04
file_roller_project/file_roller 3.6.0 - 3.6.4
Published Jul 18, 2013
Tracked Since Feb 18, 2026