Kde Ark vulnerabilities

CVE-2024-57966 [MEDIUM] CWE-36 CVE-2024-57966: libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive. libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.

CVE-2020-24654 [LOW] CWE-59 CVE-2020-24654: In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extract In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

CVE-2020-16116 [LOW] CWE-22 CVE-2020-16116: In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the ext In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

CVE-2017-5330 [HIGH] CWE-78 CVE-2017-5330: ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an ar ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.

CVE-2011-2725 [MEDIUM] CWE-22 CVE-2011-2725: Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and for Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.