CVE-2015-0557
ARJ Archiver < 3.10.22 - Path Traversal and Arbitrary File Write via Leading Slashes
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
References (10)
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:201
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/05/9
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201612-15
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/03/5
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3213
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/71895
Exploit x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435
Scores
EPSS
0.0337
EPSS Percentile
87.3%
Details
CWE
CWE-22
Status
published
Products (4)
arj_software/arj_archiver
< 3.10.22
fedoraproject/fedora
20
fedoraproject/fedora
21
fedoraproject/fedora
22
Published
Apr 08, 2015
Tracked Since
Feb 18, 2026