CVE-2013-4668

high

Description

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.

References

https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631

http://www.ubuntu.com/usn/USN-1906-1

http://www.securityfocus.com/bid/61008

http://www.ocert.org/advisories/ocert-2013-001.html

http://secunia.com/advisories/54351

Details

Source: Mitre, NVD

Published: 2013-07-18

Updated: 2021-04-28

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High