Path Traversal Vulnerability in KDE Ark by KDE
CVE-2024-57966

5MEDIUM

Key Information:

Vendor: Kde
Status: Ark
Vendor: CVE Published:; 3 February 2025

What is CVE-2024-57966?

A vulnerability in the libarchiveplugin.cpp file of KDE Ark allows an attacker to extract files from an archive to absolute paths, potentially compromising user data. This issue affects versions of KDE Ark prior to 24.12.0, enabling malicious actors to exploit the system by crafting specially designed archives. Users are advised to upgrade to the latest version to ensure protection against this type of security flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ark 0 < 24.12.0

References

https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5c...

https://github.com/KDE/ark/compare/v24.11.90...v24.12.0

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Feb 3, 2025

JSON

Kde

What is CVE-2024-57966?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.