
CVE-2019-16680

Published: 21 September 2019

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
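A pre-extraction check for the class of member name described above, as an added example (not file-roller's code or its upstream fix). The function names and the sample archive are constructed for illustration, and only member names are inspected, not link targets.

```python
import io
import posixpath
import tarfile


def escapes_destination(member_name):
    """True if a member name would resolve outside the extraction directory."""
    if member_name.startswith("/"):
        return True
    # normpath collapses "./" and resolves ".." lexically,
    # so "./../x" becomes "../x" and is caught below.
    normalized = posixpath.normpath(member_name)
    return normalized == ".." or normalized.startswith("../")


def unsafe_members(archive_bytes):
    """Return the names of members that should be rejected before extraction."""
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:") as tar:
        for member in tar.getmembers():
            if escapes_destination(member.name):
                flagged.append(member.name)
    return flagged


def build_sample_archive():
    """Constructed sample: one ordinary member and one './../' member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "./../escaped.txt"):
            data = b"sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # Lists the member names that must not be extracted as-is.
    print(unsafe_members(build_sample_archive()))
```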

Priority

Medium

CVSS 3 base score: 4.3

Status

Package: file-roller (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (3.28.0-1ubuntu1.1)
disco      Not vulnerable (3.32.1-1)
precise    Does not exist
trusty     Does not exist
upstream   Released (3.30.0-1)
xenial     Released (3.16.5-0ubuntu1.3)