Critical severity 9.8 · NVD Advisory · Published Apr 13, 2016 · Updated May 6, 2026
CVE-2016-4007
Description
Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."
Affected products (6)
- Range: <0.3-5.1 (Leap 42.1) / <0.3-3.1 (13.2)
- osv-coords (3 versions):
  - pkg:rpm/suse/build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/obs-service-source_validator&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
  - pkg:rpm/suse/osc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
- (no CPE) range: < 20171128-8.3.3
- (no CPE) range: < 0.6+git20160531.fbfe336-5.3
- (no CPE) range: < 0.162.1-7.4.1
Patches (0)
No patches discovered yet.
References (5)
- build.opensuse.org/request/show/361096 (nvd, Patch)
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00046.html (nvd, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-06/msg00049.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2016-06/msg00050.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2016-07/msg00019.html (nvd)