Fluid Attacks Database

Description

okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	okular	>=0 <4:17.12.2-2.1	4:17.12.2-2.1
debian 11	okular	>=0 <4:17.12.2-2.1	4:17.12.2-2.1
debian 12	okular	>=0 <4:17.12.2-2.1	4:17.12.2-2.1
debian 14	okular	>=0 <4:17.12.2-2.1	4:17.12.2-2.1
rpm rhel7	okular	<0:4.10.5-8.el7	0:4.10.5-8.el7

Aliases

1. CVE-2018-10008012. NVD-2018-10008013. OSV-DEBIAN-2018-10008014. OSV-2018-10008015. SECURITY-TRACKER-CVE-2018-1000801

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.