In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
CVSS Score
3.3
EPSS Score
0.003
Published
2020-09-02
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
CVSS Score
3.3
EPSS Score
0.003
Published
2020-08-03
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
CVSS Score
7.8
EPSS Score
0.012
Published
2017-03-27
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
CVSS Score
6.8
EPSS Score
0.006
Published
2014-02-04