ark
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | Archiving Tool |
Version | 24.08.3-1 [extra] |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1216 | 20.08.0-1 | 20.08.0-2 | High | Fixed | |
AVG-130 | 16.12.0-1 | 16.12.1-1 | High | Fixed |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2020-24654 | AVG-1216 | High | No | Arbitrary filesystem access | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a... |
CVE-2017-5330 | AVG-130 | High | No | Arbitrary command execution | Opening an url with ark will call KRUN::runURL() which detects the mime-type of the url and runs the appropriate service for that mimetype when found. This... |
Advisories
Date | Advisory | Group | Severity | Type |
---|---|---|---|---|
03 Sep 2020 | ASA-202009-2 | AVG-1216 | High | arbitrary filesystem access |
13 Jan 2017 | ASA-201701-18 | AVG-130 | High | arbitrary command execution |