CVE-2020-16116

Priority
Description
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can
install files outside the extraction directory via ../ directory traversal.
Ubuntu-Description
Dominik Penner discovered that Ark did not properly sanitize zip
archive files before performing extraction. An attacker could use
this to construct a malicious zip archive that, when opened, would
create files outside the extraction directory.
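
An added example, not Ark's code and not part of the original advisory: a lexical check of the kind an extractor needs so that archive entry names containing ../ cannot resolve outside the extraction directory. The function name resolveInsideDir, the directory path and the entry names are assumptions constructed for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical helper (not from Ark): resolve an archive entry name against
// the extraction directory. Returns true and sets `out` only if the
// normalized result stays inside `destDir`.
bool resolveInsideDir(const std::string &destDir, const std::string &entryName,
                      std::string &out)
{
    if (entryName.empty() || entryName[0] == '/')
        return false;                   // empty or absolute entry name

    std::vector<std::string> parts;     // normalized path components
    std::istringstream stream(entryName);
    std::string component;
    while (std::getline(stream, component, '/')) {
        if (component.empty() || component == ".")
            continue;                   // "a//b" and "a/./b" add nothing
        if (component == "..") {
            if (parts.empty())
                return false;           // would climb above destDir
            parts.pop_back();
        } else {
            parts.push_back(component);
        }
    }
    if (parts.empty())
        return false;                   // entry resolves to destDir itself

    out = destDir;
    for (const std::string &part : parts)
        out += "/" + part;
    return true;
}

int main()
{
    // Constructed entry names, as they might appear in an archive listing.
    const char *entries[] = {"docs/readme.txt", "docs/../notes.txt",
                             "../outside.txt", "docs/../../outside.txt",
                             "/tmp/absolute.txt"};
    for (const char *entry : entries) {
        std::string target;
        bool ok = resolveInsideDir("/home/user/extract", entry, target);
        std::cout << entry << " -> " << (ok ? target : "REJECTED") << "\n";
    }
    return 0;
}
```

The check is purely lexical: it does not follow symbolic links, so an extractor also has to handle link entries inside the archive separately.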
Notes
Package
Source: ark (LP Ubuntu Debian)
Upstream: released (4:20.04.3-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): released (4:17.12.3-0ubuntu1.1)
Ubuntu 20.04 LTS (Focal Fossa): released (4:19.12.3-0ubuntu1.1)
Ubuntu 20.10 (Groovy Gorilla): not-affected (4:20.04.3-1)
More Information

Updated: 2020-10-24 07:03:44 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)