{"id":"CVE-2018-14036","details":"Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.","modified":"2026-03-15T22:18:58.812971Z","published":"2018-07-13T12:29:00.217Z","related":["SUSE-SU-2018:3625-1","SUSE-SU-2019:2778-1","openSUSE-SU-2024:10611-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104757"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1099699"},{"type":"FIX","url":"https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a"},{"type":"EVIDENCE","url":"https://bugs.freedesktop.org/show_bug.cgi?id=107085"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2018/07/02/2"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"0.6.50"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14036.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}