CVE-2024-57966

Name: CVE-2024-57966
Description: libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
NVD Severity: medium

References

| Type | URI |
| --- | --- |
| cve@mitre.org | https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58 |
| cve@mitre.org | https://github.com/KDE/ark/compare/v24.11.90...v24.12.0 |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/02/msg00007.html |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| | ark | >= 0 | < 24.12.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| ark | edge-community | 24.08.3-r0 | team/kde <bribbers@disroot.org> | possibly vulnerable |
| ark | edge-community | 20.08.0-r1 | None | possibly vulnerable |
| ark | edge-community | 20.04.3-r1 | None | possibly vulnerable |
| ark | 3.22-community | 24.08.3-r0 | team/kde <bribbers@disroot.org> | possibly vulnerable |
| ark | 3.22-community | 20.08.0-r1 | None | possibly vulnerable |
| ark | 3.22-community | 20.04.3-r1 | None | possibly vulnerable |