{"id":"CVE-2024-57966","details":"libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.","modified":"2026-04-16T04:37:21.479849782Z","published":"2025-02-03T05:15:10.080Z","related":["openSUSE-SU-2025:0090-1"],"references":[{"type":"WEB","url":"https://github.com/KDE/ark/compare/v24.11.90...v24.12.0"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00007.html"},{"type":"FIX","url":"https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/KDE/ark","events":[{"introduced":"0"},{"fixed":"fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"24.12.0"}]}},{"type":"GIT","repo":"https://github.com/kde/ark","events":[{"introduced":"0"},{"fixed":"fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58"}]}],"versions":["v1.1.0","v14.11.80","v14.11.90","v15.03.80","v15.03.90","v15.03.95","v15.11.80","v15.11.90","v2.0.0","v2.1.0","v2.2.0","v24.01.75","v24.01.80","v24.01.85","v24.01.90","v24.11.80","v24.11.90","v3.0.0","v3.2.0","v3.3.0","v3.4.0","v3.4.0-beta1","v3.4.0-beta2","v3.4.90","v3.4.91","v3.80.2","v3.80.3","v3.90.1","v3.93","v3.94","v3.95","v3.96","v3.97","v4.0.0","v4.0.71","v4.0.80","v4.0.83","v4.0.98","v4.1.80","v4.1.85","v4.1.96","v4.10.80","v4.10.90","v4.11.80","v4.11.90","v4.11.95","v4.11.97","v4.12.0","v4.12.80","v4.12.90","v4.13.80","v4.2.85","v4.2.90","v4.2.95","v4.3.80","v4.3.85","v4.3.90","v4.4.80","v4.4.85","v4.4.90","v4.5.80","v4.5.85","v4.5.90","v4.6.80","v4.6.90","v4.7.80","v4.7.90","v4.7.95","v4.8.80","v4.8.90","v4.8.95","v4.9.80","v4.9.90","v4.9.95","v4.9.97","v4.9.98"],"database_specific":{"vanir_signatures":[{"deprecated":false,"source":"https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","target":{"file":"plugins/libarchive/libarchiveplugin.cpp"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["220204647504994727138907679677301311624","222038716733348899504575798418846489909","229032019905062076456928908007330015070","65978093045713843273613591632343073311","26735906475720014663809280306154077684","73617774723263138499033682547975979456","221547668275580750425446489519470341178","260338842149791753201417877460226876978","224597503903516629171941227306572650715","339066316322557546373799136365671747786","61825346247672945957102480452548455776"]},"signature_version":"v1","id":"CVE-2024-57966-0a339aad"},{"source":"https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","deprecated":false,"target":{"file":"autotests/kerfuffle/extracttest.cpp","function":"ExtractTest::testExtraction_data"},"signature_version":"v1","signature_type":"Function","digest":{"length":15280,"function_hash":"80977258953651137448340464034251151328"},"id":"CVE-2024-57966-1d05affd"},{"deprecated":false,"source":"https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","target":{"file":"plugins/libarchive/libarchiveplugin.cpp","function":"LibarchivePlugin::extractionFlags"},"digest":{"length":153,"function_hash":"92950249168408824949588827210376077342"},"signature_type":"Function","signature_version":"v1","id":"CVE-2024-57966-1dc68a4b"},{"source":"https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","deprecated":false,"target":{"file":"autotests/kerfuffle/extracttest.cpp"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["332267113243607604279641050664915530879","198775865366999714708383753794641788723","137190222825344850611546818937876466641"]},"id":"CVE-2024-57966-3baf26b6"},{"deprecated":false,"source":"https://github.com/kde/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","target":{"file":"plugins/libarchive/libarchiveplugin.cpp","function":"LibarchivePlugin::extractionFlags"},"id":"CVE-2024-57966-817be60b","digest":{"length":153,"function_hash":"92950249168408824949588827210376077342"},"signature_version":"v1","signature_type":"Function"},{"source":"https://github.com/kde/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","deprecated":false,"target":{"file":"plugins/libarchive/libarchiveplugin.cpp"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["220204647504994727138907679677301311624","222038716733348899504575798418846489909","229032019905062076456928908007330015070","65978093045713843273613591632343073311","26735906475720014663809280306154077684","73617774723263138499033682547975979456","221547668275580750425446489519470341178","260338842149791753201417877460226876978","224597503903516629171941227306572650715","339066316322557546373799136365671747786","61825346247672945957102480452548455776"]},"id":"CVE-2024-57966-bd1f9628"},{"deprecated":false,"source":"https://github.com/kde/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","target":{"file":"autotests/kerfuffle/extracttest.cpp"},"digest":{"threshold":0.9,"line_hashes":["332267113243607604279641050664915530879","198775865366999714708383753794641788723","137190222825344850611546818937876466641"]},"signature_type":"Line","signature_version":"v1","id":"CVE-2024-57966-f813b5de"},{"source":"https://github.com/kde/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","deprecated":false,"target":{"file":"autotests/kerfuffle/extracttest.cpp","function":"ExtractTest::testExtraction_data"},"signature_version":"v1","signature_type":"Function","digest":{"length":15280,"function_hash":"80977258953651137448340464034251151328"},"id":"CVE-2024-57966-f85700cc"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57966.json","vanir_signatures_modified":"2026-04-12T19:53:18Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L"}]}