Fluid Attacks Database

Description

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	file-roller	>=0 <3.20.3-1	3.20.3-1
debian 14	file-roller	>=0 <3.20.3-1	3.20.3-1
debian 12	file-roller	>=0 <3.20.3-1	3.20.3-1
debian 13	file-roller	>=0 <3.20.3-1	3.20.3-1
rpm rhel7	file-roller	-	-

Aliases

1. CVE-2016-71622. NVD-2016-71623. OSV-DEBIAN-2016-71624. OSV-2016-71625. SECURITY-TRACKER-CVE-2016-7162

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.