ark

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Archiving Tool
Version 24.08.3-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1216 20.08.0-1 20.08.0-2 High Fixed
AVG-130 16.12.0-1 16.12.1-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2020-24654 AVG-1216 High No Arbitrary filesystem access
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a...
CVE-2017-5330 AVG-130 High No Arbitrary command execution
Opening an url with ark will call KRUN::runURL() which detects the mime-type of the url and runs the appropriate service for that mimetype when found. This...

Advisories

Date Advisory Group Severity Type
03 Sep 2020 ASA-202009-2 AVG-1216 High arbitrary filesystem access
13 Jan 2017 ASA-201701-18 AVG-130 High arbitrary command execution