VDB
CVE-2013-4668
CVE-2013-4668
PUBLISHED
CVSS 5 MEDIUM
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.
EPSS 1.33% · 80.3th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
1.33%
80.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| file_roller_project | file_roller | 3.6.0, 3.8.0, 3.9.1 |
| canonical | ubuntu_linux | 13.04, 12.10 |
Timeline
- Jul 18, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- USN-1906-1 vendor-advisory
- openSUSE-SU-2013:1281 vendor-advisory
- http://www.ocert.org/advisories/ocert-2013-001.html url
- https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631 url
- 54351 third-party-advisory
- 61008 vdb
- 20130708 [oCERT-2013-001] File Roller path sanitization errors mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2013-4668 advisory