CVE-2016-7162

Published: 8 September 2016

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

Notes

Author: tyhicks
Note: Affected releases are 3.5.4 through 3.20.2
Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
file-roller
precise Not vulnerable (3.4.1-0ubuntu1)
trusty Does not exist (trusty was released [3.10.2.1-0ubuntu4.2])
upstream Released (3.20.3)
xenial Released (3.16.5-0ubuntu1.2)
Patches:
upstream: https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5