Fluid Attacks Database

Description

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	accountsservice	>=0 <0.6.45-2	0.6.45-2
debian 11	accountsservice	>=0 <0.6.45-2	0.6.45-2
debian 13	accountsservice	>=0 <0.6.45-2	0.6.45-2
rpm rhel7	osinfo-db	<0:20180531-1.el7	0:20180531-1.el7
rpm rhel7	libgexiv2	<0:0.10.8-1.el7	0:0.10.8-1.el7
rpm rhel7	cairo	<0:1.15.12-3.el7	0:1.15.12-3.el7
debian 14	accountsservice	>=0 <0.6.45-2	0.6.45-2
rpm rhel7	libgovirt	<0:0.3.4-1.el7	0:0.3.4-1.el7
rpm rhel7	nautilus-sendto	<1:3.8.6-1.el7	1:3.8.6-1.el7
rpm rhel7	ekiga	<0:4.0.1-8.el7	0:4.0.1-8.el7

1-10 of 150

Aliases

1. CVE-2018-140362. NVD-2018-140363. OSV-DEBIAN-2018-140364. OSV-2018-140365. SECURITY-TRACKER-CVE-2018-14036

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.