CVE-2018-1000801
Published: 6 September 2018
Okular version 18.08 and earlier contains a Directory Traversal vulnerability in the function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in arbitrary file creation on the user's workstation. This attack appears to be exploitable when the victim opens a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1.
From the Ubuntu Security Team
It was discovered that Okular mishandled certain crafted archives during extraction. An attacker could use this vulnerability to write arbitrary files to the filesystem.
Notes
Author | Note |
---|---|
msalvatore | The POC does not successfully execute on xenial and trusty. Further triage and audit are needed to verify whether or not xenial and trusty are vulnerable. |
Priority
Status
Package | Release | Status |
---|---|---|
okular (Launchpad, Ubuntu, Debian) | bionic | Released (4:17.12.3-0ubuntu1+esm1), available with Ubuntu Pro |
okular | cosmic | Ignored (end of life) |
okular | disco | Not vulnerable (4:18.12.3-0ubuntu1) |
okular | eoan | Not vulnerable (4:18.12.3-0ubuntu1) |
okular | focal | Not vulnerable (4:18.12.3-0ubuntu1) |
okular | groovy | Not vulnerable (4:18.12.3-0ubuntu1) |
okular | hirsute | Not vulnerable (4:18.12.3-0ubuntu1) |
okular | impish | Not vulnerable (4:18.12.3-0ubuntu1) |
okular | jammy | Not vulnerable (4:18.12.3-0ubuntu1) |
okular | kinetic | Not vulnerable (4:18.12.3-0ubuntu1) |
okular | lunar | Not vulnerable (4:18.12.3-0ubuntu1) |
okular | mantic | Not vulnerable (4:18.12.3-0ubuntu1) |
okular | trusty | Does not exist (trusty was needs-triage) |
okular | upstream | Released (18.08.1) |
okular | xenial | Needs triage |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |