VYPR

Ark

by KDE

Source repositories

CVEs (5)

  • CVE-2017-5330HigMar 27, 2017
    risk 0.51cvss 7.8epss 0.03

    ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.

  • CVE-2024-57966MedFeb 3, 2025
    risk 0.26cvss 5.0epss 0.00

    libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.

  • CVE-2020-24654Sep 2, 2020
    risk 0.00cvss epss 0.01

    In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

  • CVE-2020-16116Aug 3, 2020
    risk 0.00cvss epss 0.02

    In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

  • CVE-2011-2725Feb 4, 2014
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.