Path Traversal Vulnerability in KDE Ark by KDE
CVE-2024-57966

5MEDIUM

Key Information:

Vendor: Kde
Status: Ark
Vendor: CVE Published:; 3 February 2025

What is CVE-2024-57966?

A vulnerability in the libarchiveplugin.cpp file of KDE Ark allows an attacker to extract files from an archive to absolute paths, potentially compromising user data. This issue affects versions of KDE Ark prior to 24.12.0, enabling malicious actors to exploit the system by crafting specially designed archives. Users are advised to upgrade to the latest version to ensure protection against this type of security flaw.

Affected Version(s)

ark 0 < 24.12.0

References

https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5c...

https://github.com/KDE/ark/compare/v24.11.90...v24.12.0

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Feb 3, 2025

CVE-2024-57966 Data

JSON

Kde

What is CVE-2024-57966?

Affected Version(s)

References

CVSS V3.1

Timeline