Unrated severityNVD Advisory· Published Jul 18, 2013· Updated Apr 29, 2026

CVE-2013-4668

Description

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.

Affected products

File Roller Project/File Roller
cpe:2.3:a:file_roller_project:file_roller:*:*:*:*:*:gnome:*:*
Range: >=3.6.0,<3.6.4
Canonical/Ubuntu Linux2 versions
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.gnome.org/browse/file-roller/commit/nvdPatchThird Party Advisory
secunia.com/advisories/54351nvdNot ApplicableThird Party Advisory
www.ocert.org/advisories/ocert-2013-001.htmlnvdThird Party Advisory
www.securityfocus.com/bid/61008nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-1906-1nvdThird Party Advisory
archives.neohapsis.com/archives/bugtraq/2013-07/0039.htmlnvdBroken Link
lists.opensuse.org/opensuse-updates/2013-07/msg00095.htmlnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000