GCVE - cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Kde (`d8ba08cf-7ec1-5504-a5b9-f8cfa50ca850`)
Product	Ark (`a5a9ceee-1113-54ff-8f48-ae1283d682a3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/ark`	purl2cpe	2026-06-01 10:14:05.119066
`pkg:deb/ubuntu/ark`	purl2cpe	2026-06-01 10:14:05.119070
`pkg:github/kde/ark`	purl2cpe	2026-06-01 10:14:05.119073
`pkg:rpm/fedora/ark`	purl2cpe	2026-06-01 10:14:05.119075

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-57966`	vulnerable	2026-06-03 14:57:50.981094	Details available MEDIUM (5) libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive. Published: 2025-02-03T00:00:00.000Z Updated: 2025-02-09T05:02:36.861Z Open on db.gcve.eu Reference links https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58 https://github.com/KDE/ark/compare/v24.11.90...v24.12.0	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24654`	vulnerable	2026-06-03 14:42:07.926353	Details available In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. Published: 2020-09-02T16:22:10.000Z Updated: 2024-08-04T15:19:08.343Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00001.html https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd https://bugzilla.suse.com/show_bug.cgi?id=1175857 https://kde.org/info/security/advisory-20200827-1.txt https://www.debian.org/security/2020/dsa-4759	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-16116`	vulnerable	2026-06-03 14:41:47.171024	Details available In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. Published: 2020-08-03T19:34:07.000Z Updated: 2024-08-04T13:37:53.926Z Open on db.gcve.eu Reference links https://github.com/KDE/ark/commits/master https://www.debian.org/security/2020/dsa-4738 https://kde.org/info/security/advisory-20200730-1.txt https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f https://security.gentoo.org/glsa/202008-03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-5330`	vulnerable	2026-06-03 14:37:18.798476	Details available ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. Published: 2017-03-27T15:00:00.000Z Updated: 2024-08-05T14:55:35.795Z Open on db.gcve.eu Reference links https://security.gentoo.org/glsa/201701-69 https://bugs.kde.org/show_bug.cgi?id=374572 https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065 http://www.securityfocus.com/bid/95349 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NIMZUCG6IQR5S65IVQOXQFQV7TMVSYAT/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2725`	vulnerable	2026-06-03 14:31:10.480629	Details available Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file. Published: 2014-02-04T19:00:00.000Z Updated: 2024-08-06T23:08:23.781Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html http://seclists.org/fulldisclosure/2011/Oct/351 https://bugzilla.redhat.com/show_bug.cgi?id=725764 https://bugzilla.novell.com/show_bug.cgi?id=708268 http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.