Debian File-Roller vulnerabilities

5 known vulnerabilities affecting debian/file-roller.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2, LOW 2

Vulnerabilities

CVE-2020-36314 [LOW] CVSS 3.9, fixed in file-roller 3.38.1-1 (bookworm), 2020
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736. Scope: local; bookworm: resolved (fixed in 3.38.
debian
CVE-2020-11736 [LOW] CVSS 3.9, fixed in file-roller 3.36.2-1 (bookworm), 2020
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. Scope: local; bookworm: resolved (fixed in 3.36.2-1); bullseye: resolved (fixed in 3.36.2-1); forky: resolved (fixed in 3.36.2-1); sid: res
debian
CVE-2019-16680 [MEDIUM] CVSS 4.3, fixed in file-roller 3.30.0-1 (bookworm), 2019
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. Scope: local; bookworm: resolved (fixed in 3.30.0-1); bullseye: resolved (fixed in 3.30.0-1); forky: resolved (fixed in 3.30.0-1); sid: resolved (fixed in 3.30.0-1); trixie: re
debian
CVE-2016-7162 [HIGH] CVSS 7.5, fixed in file-roller 3.20.3-1 (bookworm), 2016
The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. Scope: local; bookworm: resolved (fixed in 3.20.3-1); bullseye: resolved (fixed in 3.20.3-1); forky: resolved (fixed in 3.20.3-1); sid: resolved (fixed in 3.20.3-1); trixie: resolved
debian
CVE-2013-4668 [MEDIUM] CVSS 5.0, fixed in file-roller 3.8.3-1 (bookworm), 2013
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c. Scope: local; bookworm: resolved (
debian