This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Gnome First view 2019-09-21
Product File-Roller Last view 2020-04-13
Version * Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:gnome:file-roller

Activity : Overall

Related : CVE

  Date Alert Description
3.9 2020-04-13 CVE-2020-11736

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

4.3 2019-09-21 CVE-2019-16680

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

CWE : Common Weakness Enumeration

%idName
100% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...