ark
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Archiving Tool |
| Version | 24.08.3-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1216 | 20.08.0-1 | 20.08.0-2 | High | Fixed | |
| AVG-130 | 16.12.0-1 | 16.12.1-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-24654 | AVG-1216 | High | No | Arbitrary filesystem access | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a... |
| CVE-2017-5330 | AVG-130 | High | No | Arbitrary command execution | Opening an url with ark will call KRUN::runURL() which detects the mime-type of the url and runs the appropriate service for that mimetype when found. This... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 03 Sep 2020 | ASA-202009-2 | AVG-1216 | High | arbitrary filesystem access |
| 13 Jan 2017 | ASA-201701-18 | AVG-130 | High | arbitrary command execution |