{"id":"CVE-2024-57966","details":"libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.","modified":"2026-03-15T22:49:09.385281Z","published":"2025-02-03T05:15:10.080Z","related":["MGASA-2025-0061","openSUSE-SU-2025:0090-1"],"references":[{"type":"WEB","url":"https://github.com/KDE/ark/compare/v24.11.90...v24.12.0"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00007.html"},{"type":"FIX","url":"https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/KDE/ark","events":[{"introduced":"0"},{"fixed":"fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"24.12.0"}]}},{"type":"GIT","repo":"https://github.com/kde/ark","events":[{"introduced":"0"},{"fixed":"fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58"}]}],"versions":["v1.1.0","v14.11.80","v14.11.90","v14.11.95","v14.11.97","v14.12.0","v14.12.1","v14.12.2","v15.03.80","v15.03.90","v15.03.95","v15.03.97","v15.04.0","v15.04.1","v15.04.2","v15.07.80","v15.07.90","v15.08.0","v15.08.1","v15.08.2","v15.08.3","v15.11.80","v15.11.90","v15.12.0","v15.12.1","v15.12.2","v15.12.3","v16.03.80","v16.03.90","v16.04.0","v16.04.1","v16.04.2","v16.04.3","v16.07.80","v16.07.90","v16.08.0","v16.08.1","v16.08.2","v16.11.80","v16.11.90","v16.12.0","v16.12.1","v16.12.2","v17.03.80","v17.03.90","v17.04.0","v17.04.1","v17.04.2","v17.04.3","v17.07.80","v17.07.90","v17.08.0","v17.08.1","v17.08.2","v17.11.80","v17.11.90","v17.12.0","v17.12.1","v17.12.2","v17.12.3","v18.03.80","v18.03.90","v18.04.0","v18.04.1","v18.04.2","v18.07.80","v18.07.90","v18.08.0","v18.08.1","v18.08.2","v18.11.80","v18.11.90","v18.12.0","v18.12.1","v18.12.2","v19.03.80","v19.03.90","v19.04.0","v19.04.1","v19.04.2","v19.07.80","v19.07.90","v19.08.0","v19.08.1","v19.08.2","v19.11.80","v19.11.90","v19.12.0","v19.12.1","v19.12.2","v19.12.3","v2.0.0","v2.1.0","v2.2.0","v20.03.80","v20.03.90","v20.04.0","v20.04.1","v20.04.2","v20.04.3","v20.07.80","v20.07.90","v20.08.0","v20.11.80","v20.11.90","v20.12.0","v20.12.1","v21.03.80","v21.03.90","v21.04.0","v21.04.1","v21.04.2","v21.04.3","v21.11.80","v21.11.90","v21.12.0","v21.12.1","v21.12.2","v22.03.80","v22.04.0","v22.04.1","v22.04.2","v22.04.3","v22.07.80","v22.07.90","v22.08.0","v22.08.1","v24.01.75","v24.01.80","v24.01.85","v24.01.90","v24.11.80","v24.11.90","v3.0.0","v3.2.0","v3.3.0","v3.4.0","v3.4.0-beta1","v3.4.0-beta2","v3.4.90","v3.4.91","v3.80.2","v3.80.3","v3.90.1","v3.93","v3.94","v3.95","v3.96","v3.97","v4.0.0","v4.0.71","v4.0.80","v4.0.83","v4.0.98","v4.1.80","v4.1.85","v4.1.96","v4.10.0","v4.10.1","v4.10.2","v4.10.3","v4.10.4","v4.10.5","v4.10.80","v4.10.90","v4.11.80","v4.11.90","v4.11.95","v4.11.97","v4.12.0","v4.12.1","v4.12.2","v4.12.3","v4.12.80","v4.12.90","v4.12.95","v4.12.97","v4.13.0","v4.13.1","v4.13.80","v4.13.90","v4.13.95","v4.13.97","v4.14.0","v4.14.1","v4.14.2","v4.14.3","v4.2.85","v4.2.90","v4.2.95","v4.3.80","v4.3.85","v4.3.90","v4.4.80","v4.4.85","v4.4.90","v4.5.80","v4.5.85","v4.5.90","v4.5.95","v4.6.0","v4.6.1","v4.6.2","v4.6.3","v4.6.80","v4.6.90","v4.6.95","v4.7.80","v4.7.90","v4.7.95","v4.7.97","v4.8.0","v4.8.1","v4.8.2","v4.8.3","v4.8.4","v4.8.5","v4.8.80","v4.8.90","v4.8.95","v4.8.97","v4.9.0","v4.9.1","v4.9.2","v4.9.3","v4.9.4","v4.9.80","v4.9.90","v4.9.95","v4.9.97","v4.9.98"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["220204647504994727138907679677301311624","222038716733348899504575798418846489909","229032019905062076456928908007330015070","65978093045713843273613591632343073311","26735906475720014663809280306154077684","73617774723263138499033682547975979456","221547668275580750425446489519470341178","260338842149791753201417877460226876978","224597503903516629171941227306572650715","339066316322557546373799136365671747786","61825346247672945957102480452548455776"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","id":"CVE-2024-57966-0a339aad","deprecated":false,"target":{"file":"plugins/libarchive/libarchiveplugin.cpp"}},{"digest":{"function_hash":"80977258953651137448340464034251151328","length":15280},"signature_version":"v1","signature_type":"Function","source":"https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","id":"CVE-2024-57966-1d05affd","deprecated":false,"target":{"file":"autotests/kerfuffle/extracttest.cpp","function":"ExtractTest::testExtraction_data"}},{"digest":{"function_hash":"92950249168408824949588827210376077342","length":153},"signature_version":"v1","signature_type":"Function","source":"https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","id":"CVE-2024-57966-1dc68a4b","deprecated":false,"target":{"file":"plugins/libarchive/libarchiveplugin.cpp","function":"LibarchivePlugin::extractionFlags"}},{"digest":{"threshold":0.9,"line_hashes":["332267113243607604279641050664915530879","198775865366999714708383753794641788723","137190222825344850611546818937876466641"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","id":"CVE-2024-57966-3baf26b6","deprecated":false,"target":{"file":"autotests/kerfuffle/extracttest.cpp"}},{"digest":{"function_hash":"92950249168408824949588827210376077342","length":153},"signature_version":"v1","signature_type":"Function","source":"https://github.com/kde/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","id":"CVE-2024-57966-817be60b","deprecated":false,"target":{"file":"plugins/libarchive/libarchiveplugin.cpp","function":"LibarchivePlugin::extractionFlags"}},{"digest":{"threshold":0.9,"line_hashes":["220204647504994727138907679677301311624","222038716733348899504575798418846489909","229032019905062076456928908007330015070","65978093045713843273613591632343073311","26735906475720014663809280306154077684","73617774723263138499033682547975979456","221547668275580750425446489519470341178","260338842149791753201417877460226876978","224597503903516629171941227306572650715","339066316322557546373799136365671747786","61825346247672945957102480452548455776"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/kde/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","id":"CVE-2024-57966-bd1f9628","deprecated":false,"target":{"file":"plugins/libarchive/libarchiveplugin.cpp"}},{"digest":{"threshold":0.9,"line_hashes":["332267113243607604279641050664915530879","198775865366999714708383753794641788723","137190222825344850611546818937876466641"]},"signature_version":"v1","signature_type":"Line","source":"https://github.com/kde/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","id":"CVE-2024-57966-f813b5de","deprecated":false,"target":{"file":"autotests/kerfuffle/extracttest.cpp"}},{"digest":{"function_hash":"80977258953651137448340464034251151328","length":15280},"signature_version":"v1","signature_type":"Function","source":"https://github.com/kde/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58","id":"CVE-2024-57966-f85700cc","deprecated":false,"target":{"file":"autotests/kerfuffle/extracttest.cpp","function":"ExtractTest::testExtraction_data"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57966.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L"}]}