Vulnerability Details CVE-2013-4668
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.04
EPSS Ranking 87.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html
- http://secunia.com/advisories/54351
- http://www.ocert.org/advisories/ocert-2013-001.html
- http://www.securityfocus.com/bid/61008
- http://www.ubuntu.com/usn/USN-1906-1
- https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html
- http://secunia.com/advisories/54351
- http://www.ocert.org/advisories/ocert-2013-001.html
- http://www.securityfocus.com/bid/61008
- http://www.ubuntu.com/usn/USN-1906-1
- https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631
Products affected by CVE-2013-4668
-
cpe:2.3:a:file_roller_project:file_roller:3.6.0
-
cpe:2.3:a:file_roller_project:file_roller:3.6.1
-
cpe:2.3:a:file_roller_project:file_roller:3.6.1.1
-
cpe:2.3:a:file_roller_project:file_roller:3.6.2
-
cpe:2.3:a:file_roller_project:file_roller:3.6.3
-
cpe:2.3:a:file_roller_project:file_roller:3.8.0
-
cpe:2.3:a:file_roller_project:file_roller:3.8.1
-
cpe:2.3:a:file_roller_project:file_roller:3.8.2
-
cpe:2.3:a:file_roller_project:file_roller:3.9.1
-
cpe:2.3:a:file_roller_project:file_roller:3.9.2
-
cpe:2.3:o:canonical:ubuntu_linux:12.10
-
cpe:2.3:o:canonical:ubuntu_linux:13.04