Description
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.
References (7)
Core 7
Core References
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1906-1
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html
Third Party Advisory x_refsource_misc
http://www.ocert.org/advisories/ocert-2013-001.html
Patch, Third Party Advisory x_refsource_confirm
https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631
Not Applicable, Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54351
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/61008
Broken Link mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html
Scores
EPSS
0.0431
EPSS Percentile
90.0%
Details
CWE
CWE-22
Status
published
Products (3)
canonical/ubuntu_linux
12.10
canonical/ubuntu_linux
13.04
file_roller_project/file_roller
3.6.0 - 3.6.4
Published
Jul 18, 2013
Tracked Since
Feb 18, 2026