Candidate: CVE-2017-5330
PublicDate: 2017-03-27 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5330
Description:
 ark before 16.12.1 might allow remote attackers to execute arbitrary code
 via an executable in an archive, related to associated applications.
Ubuntu-Description:
Notes:
 mdeslaur> vulnerable code introduced in 15.11.80
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850874
 https://bugs.kde.org/show_bug.cgi?id=374572
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_ark:
 upstream: https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
upstream_ark: needs-triage
precise_ark: not-affected (code not present)
trusty_ark: not-affected (code not present)
trusty/esm_ark: DNE (trusty was not-affected [code not present])
vivid/stable-phone-overlay_ark: DNE
vivid/ubuntu-core_ark: DNE
xenial_ark: released (4:15.12.3-0ubuntu1.1)
yakkety_ark: released (4:16.04.3a-0ubuntu2.2)
devel_ark: not-affected