Unrated severityNVD Advisory· Published Mar 1, 2005· Updated Apr 16, 2026

CVE-2004-1027

Description

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

Affected products

Arjsoftware/Unarj4 versions
cpe:2.3:a:arjsoftware:unarj:2.62:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:arjsoftware:unarj:2.62:*:*:*:*:*:*:*
- cpe:2.3:a:arjsoftware:unarj:2.63:a:*:*:*:*:*:*
- cpe:2.3:a:arjsoftware:unarj:2.64:*:*:*:*:*:*:*
- cpe:2.3:a:arjsoftware:unarj:2.65:*:*:*:*:*:*:*
Gentoo/Linux
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/11436nvdPatchThird Party AdvisoryVDB EntryVendor Advisory
lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.htmlnvdThird Party Advisory
lwn.net/Articles/121827/nvdThird Party Advisory
security.gentoo.org/glsa/glsa-200411-29.xmlnvdThird Party Advisory
www.debian.org/security/2005/dsa-628nvdThird Party Advisory
www.debian.org/security/2005/dsa-652nvdThird Party Advisory
www.redhat.com/support/errata/RHSA-2005-007.htmlnvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/17684nvdVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000