Candidate: CVE-2018-1000801
PublicDate: 2018-09-06 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000801
 https://bugs.kde.org/show_bug.cgi?id=398096
 https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47
Description:
 okular version 18.08 and earlier contains a Directory Traversal
 vulnerability in function "unpackDocumentArchive(...)" in
 "core/document.cpp" that can result in Arbitrary file creation on the user
 workstation. This attack appears to be exploitable when the victim opens a
 specially crafted Okular archive. This issue appears to have been corrected
 in version 18.08.1.
Ubuntu-Description:
 It was discovered that Okular mishandled certain crafted archives during
 extraction. An attacker could use this vulnerability to write arbitrary
 files to the filesystem.
Notes:
 msalvatore> The POC does not successfully execute on xenial and trusty.
  Further triage and audit are needed to verify whether or not xenial and
  trusty are vulnerable.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908168
Priority: low
Discovered-by:
Assigned-to: mikesalvatore
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N [5.5 MEDIUM]

Patches_okular:
upstream_okular: released (18.08.1)
precise/esm_okular: DNE
trusty_okular: ignored (reached end-of-life)
trusty/esm_okular: DNE (trusty was needs-triage)
xenial_okular: ignored (end of standard support, was needs-triage)
bionic_okular: needed
cosmic_okular: ignored (reached end-of-life)
disco_okular: not-affected (4:18.12.3-0ubuntu1)
eoan_okular: not-affected (4:18.12.3-0ubuntu1)
focal_okular: not-affected (4:18.12.3-0ubuntu1)
groovy_okular: not-affected (4:18.12.3-0ubuntu1)
hirsute_okular: not-affected (4:18.12.3-0ubuntu1)
impish_okular: not-affected (4:18.12.3-0ubuntu1)
jammy_okular: not-affected (4:18.12.3-0ubuntu1)
devel_okular: not-affected (4:18.12.3-0ubuntu1)