Fluid Attacks Database

Description

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	file-roller	>=0 <3.30.0-1	3.30.0-1
debian 14	file-roller	>=0 <3.30.0-1	3.30.0-1
debian 13	file-roller	>=0 <3.30.0-1	3.30.0-1
debian 11	file-roller	>=0 <3.30.0-1	3.30.0-1
rpm rhel6	file-roller	-	-
rpm rhel7	file-roller	-	-
rpm rhel8	file-roller	<0:3.28.1-3.el8	0:3.28.1-3.el8
rpm rhel5	file-roller	-	-

Aliases

1. CVE-2019-166802. NVD-2019-166803. OSV-DEBIAN-2019-166804. OSV-2019-166805. SECURITY-TRACKER-CVE-2019-16680

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.