CVE-2016-7162

The gfileremovedirectory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

References

Affected packages

Git / gitlab.gnome.org/GNOME/file-roller

Affected ranges

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/file-roller
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1bcd3da286cc05e1e84266cc969a2202e439126c

Last affected

37daf88584d93a560cce069c07c1c71818a519e7

Last affected

3ab20ba36333c7db237b028920fd5d74afb3a4b2

Last affected

440695f1a684cdb01837c66d5f7f3b1dcad4f5b3

Last affected

485c3519ef64afea1223845dfabb15ee9cf2d06f

Last affected

66b52fc6d38ddc39af6913a68b2df320279d15d5

Last affected

7564065aa087deb9f228cbfaf01b08f020edede4

Last affected

76c9fd23b7c3fb85804459e9bbfcd42949b7598a

Last affected

77906905cd22febb2edc84c2f480ce02d82140a1

Last affected

7850fc12a13e9f33e09d511014488358bfffbdb9

Last affected

896a76a8a3da6f5fc83cbe1427c55033686f1b5c

Last affected

a0295d1fb0ab1695aa56f593723bbfb5de4236ed

Last affected

a50ba6e449ce16b5b6bc7ae572424035a66137eb

Last affected

ab7c479be3a987ef92c88a623679abb09c8c9c25

Last affected

c1651e186f2f5af153a02276e7f4b7dc2c4706d0

Last affected

cd9f4202ab6aa440367c1e8f58818a86c6f53aa7

Last affected

da59ebafb0a2900b09c86b33c3f3f0ee9d58d8bf

Last affected

eb4282b1e1f35641bf1e543d2ce93bc770ccea0a

Affected versions

3.*

3.0.1

3.0.2

3.1.1

3.1.2

3.1.90

3.1.91

3.1.92

3.2.0

3.2.1

3.3.1

3.3.2

3.3.3

3.3.90

3.3.91

3.3.92

3.4.0

3.4.1

3.4.2

3.5.1

3.5.2

3.5.3

3.5.4

3.5.90

3.5.91

3.5.92

3.6.0

3.6.1

3.6.1.1

3.6.2

3.6.3

3.6.4

3.7.1

3.7.2

3.7.3

3.7.90

3.7.91

3.7.92

3.8.0

3.8.1

3.9.1

3.9.2

3.9.3

Other

FILE_ROLLER_2_13_2

FILE_ROLLER_2_13_4

FILE_ROLLER_2_13_90

FILE_ROLLER_2_13_91

FILE_ROLLER_2_13_92

FILE_ROLLER_2_14_0

FILE_ROLLER_2_14_1

FILE_ROLLER_2_14_2

FILE_ROLLER_2_14_3

FILE_ROLLER_2_15_1

FILE_ROLLER_2_15_90

FILE_ROLLER_2_15_91

FILE_ROLLER_2_15_92

FILE_ROLLER_2_15_93

FILE_ROLLER_2_16_0

FILE_ROLLER_2_16_1

FILE_ROLLER_2_17_1

FILE_ROLLER_2_17_2

FILE_ROLLER_2_17_3

FILE_ROLLER_2_17_4

FILE_ROLLER_2_17_5

FILE_ROLLER_2_17_90

FILE_ROLLER_2_17_91

FILE_ROLLER_2_17_92

FILE_ROLLER_2_18_0

FILE_ROLLER_2_19_1

FILE_ROLLER_2_19_2

FILE_ROLLER_2_19_3

FILE_ROLLER_2_19_4

FILE_ROLLER_2_19_90

FILE_ROLLER_2_19_91

FILE_ROLLER_2_19_92

FILE_ROLLER_2_20_0

FILE_ROLLER_2_20_1

FILE_ROLLER_2_20_2

FILE_ROLLER_2_21_1

FILE_ROLLER_2_21_2

FILE_ROLLER_2_21_91

FILE_ROLLER_2_21_92

FILE_ROLLER_2_22_0

FILE_ROLLER_2_23_1

FILE_ROLLER_2_23_2

FILE_ROLLER_2_23_3

FILE_ROLLER_2_23_4

FILE_ROLLER_2_23_5

FILE_ROLLER_2_23_6

FILE_ROLLER_2_23_91

FILE_ROLLER_2_23_92

FILE_ROLLER_2_24_0

FILE_ROLLER_2_24_1

FILE_ROLLER_2_24_2

FILE_ROLLER_2_25_1

FILE_ROLLER_2_25_2

FILE_ROLLER_2_25_90

FILE_ROLLER_2_25_91

FILE_ROLLER_2_25_92

FILE_ROLLER_2_26_0

FILE_ROLLER_2_26_1

FILE_ROLLER_2_27_1

FILE_ROLLER_2_27_2

FILE_ROLLER_2_27_3

FILE_ROLLER_2_27_90

FILE_ROLLER_2_27_91

FILE_ROLLER_2_27_92

FILE_ROLLER_2_28_0

FILE_ROLLER_2_28_1

FILE_ROLLER_2_29_1

FILE_ROLLER_2_29_2

FILE_ROLLER_2_29_3

FILE_ROLLER_2_29_4

FILE_ROLLER_2_29_5

FILE_ROLLER_2_29_90

FILE_ROLLER_2_29_91

FILE_ROLLER_2_29_92

FILE_ROLLER_2_30_0

FILE_ROLLER_2_30_1

FILE_ROLLER_2_30_1_1

FILE_ROLLER_2_31_1

FILE_ROLLER_2_31_2

FILE_ROLLER_2_31_3

FILE_ROLLER_2_31_4

FILE_ROLLER_2_31_5

FILE_ROLLER_2_31_90

FILE_ROLLER_2_31_91

FILE_ROLLER_2_31_92

FILE_ROLLER_2_32_0

FILE_ROLLER_2_4_0_1

FILE_ROLLER_2_91_0

FILE_ROLLER_2_91_1

FILE_ROLLER_2_91_2

FILE_ROLLER_2_91_3

FILE_ROLLER_2_91_4

FILE_ROLLER_2_91_5

FILE_ROLLER_2_91_6

FILE_ROLLER_2_91_90

FILE_ROLLER_2_91_91

FILE_ROLLER_2_91_92

FILE_ROLLER_2_91_93

FILE_ROLLER_3_0_0

start

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7162.json"