Path Traversal Vulnerability in GNOME File-Roller Affects Multiple Versions
CVE-2019-16680

4.3MEDIUM

Key Information:

Vendor

Gnome
Status
File-roller
Vendor
CVE Published:
21 September 2019

What is CVE-2019-16680?

A vulnerability in GNOME File-Roller allows attackers to exploit a path traversal flaw when extracting files from a TAR archive. This issue, present in versions before 3.29.91, permits a crafted filename with a './../' sequence to overwrite files on the system, potentially leading to data loss or system compromise.

References

https://bugzilla.gnome.org/show_bug.cgi?id=794337
x_refsource_MISC
https://gitlab.gnome.org/GNOME/file-roller/commit/57268e5...
x_refsource_MISC
https://gitlab.gnome.org/GNOME/file-roller/commit/e8fb3e2...
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.