Medium severity6.5NVD Advisory· Published Jul 13, 2018· Updated Jun 17, 2026
CVE-2018-14036
CVE-2018-14036
Description
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- Range: <0.6.50
- osv-coords9 versionspkg:rpm/opensuse/accountservice&distro=openSUSE%20Tumbleweedpkg:rpm/suse/accountsservice&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/accountsservice&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/accountsservice&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/accountsservice&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/accountsservice&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/accountsservice&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/accountsservice&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/accountsservice&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 0.6.55-8.2+ 8 more
- (no CPE)range: < 0.6.55-8.2
- (no CPE)range: < 0.6.42-16.8.3
- (no CPE)range: < 0.6.45-6.7.6
- (no CPE)range: < 0.6.42-16.8.3
- (no CPE)range: < 0.6.42-16.8.3
- (no CPE)range: < 0.6.42-16.8.3
- (no CPE)range: < 0.6.42-16.8.3
- (no CPE)range: < 0.6.42-16.8.3
- (no CPE)range: < 0.6.42-16.8.3
Patches
Vulnerability mechanics
References
5- cgit.freedesktop.org/accountsservice/commit/nvdPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2018/07/02/2nvdExploitMailing ListThird Party Advisory
- bugs.freedesktop.org/show_bug.cginvdExploitThird Party Advisory
- bugzilla.suse.com/show_bug.cginvdExploitIssue TrackingThird Party Advisory
- www.securityfocus.com/bid/104757nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.