CVE-2018-1000801

okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1

References

Affected packages

Git / github.com/kde/okular

Affected ranges

Type

GIT

Repo

https://github.com/kde/okular

Events

Introduced

Last affected

4f06f742f95de968388f9020c940029e43704098

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "18.08"
        }
    ]
}

Affected versions

v18.*

v18.07.80

v18.07.90

v18.08.0

v3.*

v3.2.0

v3.3.0

v3.3.2

v3.4.0-beta1

v3.4.0-beta2

v3.90.1

v3.91.0

v3.92.0

v3.93.0

v3.94.0

v3.95.0

v3.96.0

v3.97.0

v4.*

v4.0.0

v4.0.71

v4.0.80

v4.0.83

v4.0.98

v4.1.80

v4.1.85

v4.10.80

v4.10.90

v4.13.80

v4.2.85

v4.2.90

v4.2.95

v4.3.80

v4.3.85

v4.3.90

v4.4.80

v4.4.85

v4.4.90

v4.5.80

v4.5.85

v4.5.90

v4.6.80

v4.6.90

v4.6.95

v4.7.80

v4.7.90

v4.7.95

v4.8.80

v4.9.80

v4.9.90

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000801.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]