Arbitrary File Write Vulnerability in KDE Ark by KDE
CVE-2020-24654
3.3 LOW
What is CVE-2020-24654?
In KDE Ark versions before 20.08.1, a crafted TAR archive containing symbolic links can trigger unauthorized write operations during extraction. Files can be installed outside the intended extraction directory, including in sensitive areas such as a user's home directory. This poses a significant risk, as it may allow malicious users to overwrite important files or introduce harmful payloads.
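The following pre-extraction check is an added example, not code from the advisory or from KDE: it walks a TAR member list, tracks the symbolic links the archive declares, and reports entries that would land outside the extraction directory. `DEST`, the function names and the sample entries are assumptions constructed for illustration.

```python
import io
import posixpath
import tarfile

DEST = "/extract"  # hypothetical extraction root, used only for path arithmetic

def walk(base, path, links):
    """Resolve path under base, following symlinks declared earlier in the archive."""
    out = base
    for part in path.split("/"):
        out = posixpath.normpath(posixpath.join(out, part))
        out = links.get(out, out)
    return out

def inside(path):
    return path == DEST or path.startswith(DEST + "/")

def unsafe_members(tar):
    """Return (name, reason) for each member that would write outside DEST."""
    links, findings = {}, []
    for m in tar:
        parent = walk(DEST, posixpath.dirname(m.name), links)
        loc = posixpath.normpath(posixpath.join(parent, posixpath.basename(m.name)))
        # A regular entry stored at a link's path is written through that link.
        written = loc if m.issym() else links.get(loc, loc)
        if m.name.startswith("/") or not inside(written):
            findings.append((m.name, "written outside destination"))
        if m.issym():
            base = "/" if m.linkname.startswith("/") else parent
            links[loc] = target = walk(base, m.linkname, links)
            if not inside(target):
                findings.append((m.name, "symlink target outside destination"))
    return findings

def build_archive(entries):
    """Build an in-memory tar from (name, symlink_target_or_None) pairs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in entries:
            info = tarfile.TarInfo(name)
            if target is None:
                info.size = 2
                tar.addfile(info, io.BytesIO(b"ok"))
            else:
                info.type, info.linkname = tarfile.SYMTYPE, target
                tar.addfile(info)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")

# Constructed sample: a link that leaves the tree, then an entry stored beneath it.
SAMPLE = [("docs/readme.txt", None), ("docs/cfg", "../../outside"), ("docs/cfg/note.txt", None)]
```

Calling `unsafe_members(build_archive(SAMPLE))` reports both the link and the entry stored beneath it; an archive whose links stay inside the tree produces no findings.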
