CVE-2019-16680

4.3MEDIUM

Key Information:

Vendor: Gnome
Status: File-roller
Vendor: CVE Published:; 21 September 2019

Summary

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

References

https://bugzilla.gnome.org/show_bug.cgi?id=794337

x_refsource_MISC

https://gitlab.gnome.org/GNOME/file-roller/commit/57268e5...

x_refsource_MISC

https://gitlab.gnome.org/GNOME/file-roller/commit/e8fb3e2...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 21, 2019
Vulnerability Reserved
Sep 21, 2019