CVE-2016-1244

Priority
Description
The extractTree function in unADF allows remote attackers to execute
arbitrary code via shell metacharacters in a directory name in an adf file.
References
Bugs
Notes
Package
Source: unadf (LP Ubuntu Debian)
Upstream:released (0.7.11a-3+deb7u1)
Ubuntu 14.04 ESM:DNE (trusty was released [0.7.11a-3+deb7u1~build0.14.04.1])
Patches:
Upstream:http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch
More Information

Updated: 2022-04-13 12:11:28 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)