Your submission was sent successfully! Close

CVE-2013-4668

Published: 11 July 2013

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.

Notes

AuthorNote
jdstrand
libarchive support added in 3.5.4
Priority

Medium

Status

Package Release Status
file-roller
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(2.30.1.1-0ubuntu2)
precise Not vulnerable
(3.4.1-0ubuntu1)
quantal
Released (3.6.1.1-0ubuntu1.2)
raring
Released (3.6.3-1ubuntu4.1)
upstream
Released (3.8.3-1)
Patches:
upstream: https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631
upstream: https://git.gnome.org/browse/file-roller/commit/?id=1e73fce51545a067767b5ba84202e73175ad0672 (3.6)