File Roller

file-roller

Vendor: Gnome • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-36314 2Fedoraproject Gnome 2Fedora File Roller Nov 21, 2024 Apr 7, 2021 N/A· v4 3.9 LOW· v3 2.6 LOW· v2 fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in cer...Show more fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.Show less
CVE-2020-11736 3Canonical DebianGnome 3Debian Linux File RollerUbuntu Linux Nov 21, 2024 Apr 13, 2020 N/A· v4 3.9 LOW· v3 3.3 LOW· v2 fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction...Show more fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.Show less
CVE-2019-16680 4Canonical DebianGnome+1 more 4Debian Linux Enterprise LinuxFile Roller+1 more Nov 21, 2024 Sep 21, 2019 N/A· v4 4.3 MEDIUM· v3 2.6 LOW· v2 An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.