CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 1CVE-2016-7162 – Ubuntu Security Notice USN-3074-1
https://notcve.org/view.php?id=CVE-2016-7162
09 Sep 2016 — The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. La función _g_file_remove_directory en file-utils.c en File Roller 3.5.4 hasta la versión 3.20.2 permite a atacantes remotos eliminar archivos arbitrarios a través de un ataque de enlace simbólico en una carpeta en un archivo. It was discovered that File Roller incorrectly handled symlinks. If a user were tricked into extr... • http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 5EXPL: 0CVE-2013-4668 – File Roller Path Traversal
https://notcve.org/view.php?id=CVE-2013-4668
08 Jul 2013 — Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c. Vulnerabilidad de salto de directorio en File Roller v3.6.x anterior a v3.6.4, v3.8.x anterior a v3.8.3, y v3.9.x anterior a v3.9.3, cuando libarchive es utilizado, permite a atacan... • http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •