CVE-2018-1000801

2018-09-06 20:29:00 2019-03-20 20:55:18

okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Debian Linux 8.0 (Jessie) Debian Debian linux 9.0 (not an official CPE)

Kde Okular 18.08 (not an official CPE)

Kde - Okular Debian - Debian linux

Advisory	Patch	Confirmed	Link
			DSA-4303
			GLSA-201811-08
			https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d419...
			[debian-lts-announce] 20180923 [SECURITY] [DLA 1516-1] o...
			https://bugs.kde.org/show_bug.cgi?id=398096

CVE-2018-1000801

2018-09-06 20:29:00 2019-03-20 20:55:18

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)