CVE-2013-4668 — Path Traversal in Roller Project File Roller

CWE-22 — Path Traversal8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

1.3%

top 20.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome File-roller File Roller Project File Roller Debian File-roller +1 more

Timeline

PublishedJul 18

Latest updateMay 13

Description

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/file-roller< file-roller 3.8.3-1 (bookworm)

▶NVDfile_roller_project/file_roller3.6.0 — 3.6.4+2

▶Debiangnome/file-roller< 3.8.3-1+3

Also affects: Ubuntu Linux 12.10, 13.04

Patches

Patch: git.gnome.org ↗Patch: git.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-g2xw-w8v5-q99p: Directory traversal vulnerability in File Roller 3↗2022-05-13

▶

OSV

CVE-2013-4668: Directory traversal vulnerability in File Roller 3↗2013-07-18

▶

📋Vendor Advisories

Ubuntu

File Roller vulnerability↗2013-07-16

▶

Red Hat

file-roller: path sanitization errors↗2013-07-08

▶

Debian

CVE-2013-4668: file-roller - Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x befor...↗2013

▶

💬Community

Bugzilla

file-roller: CVE-2013-4668 file-roller: path sanitization errors [fedora-all]↗2013-07-08

▶

Bugzilla

CVE-2013-4668 file-roller: path sanitization errors↗2013-07-04

▶