VYPR

File Roller

by File Roller Project

Source repositories

CVEs (5)

  • CVE-2016-7162HigSep 26, 2016
    risk 0.49cvss 7.5epss 0.03

    The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

  • CVE-2020-36314Apr 7, 2021
    risk 0.00cvss epss 0.01

    fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of…

  • CVE-2020-11736Apr 13, 2020
    risk 0.00cvss epss 0.01

    fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

  • CVE-2019-16680Sep 21, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

  • CVE-2013-4668Jul 18, 2013
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action,…