VDB

GCVE-110-MAGEIA-2015-252

GCVE-110-MAGEIA-2015-252
Advisory Published
Vulnetix · Advisory published July 1, 2015
Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory (CVE-2015-1038).

Affected Products

VendorProductVersionsPlatforms
Mageiap7zip0 (affected), 9.20.1-4.1.mga4 (unaffected)
Mageiap7zip0 (affected), 9.20.1-6.1.mga5 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›