CVE-2024-57966
- Source
- https://cve.org/CVERecord?id=CVE-2024-57966
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57966.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-57966
- Downstream
- Related
- Published
- 2025-02-03T05:15:10.080Z
- Modified
- 2026-04-16T04:37:21.479849782Z
- Severity
-
- 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
- References
Affected packages
Git / github.com/KDE/ark
Affected ranges
- Type
- GIT
- Repo
- https://github.com/KDE/ark
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "24.12.0" } ] }
- Type
- GIT
- Repo
- https://github.com/kde/ark
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.1.0
v14.*
v14.11.80
v14.11.90
v15.*
v15.03.80
v15.03.90
v15.03.95
v15.11.80
v15.11.90
v2.*
v2.0.0
v2.1.0
v2.2.0
v24.*
v24.01.75
v24.01.80
v24.01.85
v24.01.90
v24.11.80
v24.11.90
v3.*
v3.0.0
v3.2.0
v3.3.0
v3.4.0
v3.4.0-beta1
v3.4.0-beta2
v3.4.90
v3.4.91
v3.80.2
v3.80.3
v3.90.1
v3.93
v3.94
v3.95
v3.96
v3.97
v4.*
v4.0.0
v4.0.71
v4.0.80
v4.0.83
v4.0.98
v4.1.80
v4.1.85
v4.1.96
v4.10.80
v4.10.90
v4.11.80
v4.11.90
v4.11.95
v4.11.97
v4.12.0
v4.12.80
v4.12.90
v4.13.80
v4.2.85
v4.2.90
v4.2.95
v4.3.80
v4.3.85
v4.3.90
v4.4.80
v4.4.85
v4.4.90
v4.5.80
v4.5.85
v4.5.90
v4.6.80
v4.6.90
v4.7.80
v4.7.90
v4.7.95
v4.8.80
v4.8.90
v4.8.95
v4.9.80
v4.9.90
v4.9.95
v4.9.97
v4.9.98
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57966.json"
vanir_signatures
[
{
"source": "https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58",
"target": {
"file": "plugins/libarchive/libarchiveplugin.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"220204647504994727138907679677301311624",
"222038716733348899504575798418846489909",
"229032019905062076456928908007330015070",
"65978093045713843273613591632343073311",
"26735906475720014663809280306154077684",
"73617774723263138499033682547975979456",
"221547668275580750425446489519470341178",
"260338842149791753201417877460226876978",
"224597503903516629171941227306572650715",
"339066316322557546373799136365671747786",
"61825346247672945957102480452548455776"
],
"threshold": 0.9
},
"id": "CVE-2024-57966-0a339aad",
"signature_type": "Line",
"signature_version": "v1"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 15280.0,
"function_hash": "80977258953651137448340464034251151328"
},
"source": "https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58",
"target": {
"function": "ExtractTest::testExtraction_data",
"file": "autotests/kerfuffle/extracttest.cpp"
},
"id": "CVE-2024-57966-1d05affd"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 153.0,
"function_hash": "92950249168408824949588827210376077342"
},
"source": "https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58",
"target": {
"function": "LibarchivePlugin::extractionFlags",
"file": "plugins/libarchive/libarchiveplugin.cpp"
},
"id": "CVE-2024-57966-1dc68a4b"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"332267113243607604279641050664915530879",
"198775865366999714708383753794641788723",
"137190222825344850611546818937876466641"
],
"threshold": 0.9
},
"source": "https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58",
"target": {
"file": "autotests/kerfuffle/extracttest.cpp"
},
"id": "CVE-2024-57966-3baf26b6"
},
{
"signature_type": "Function",
"source": "https://github.com/kde/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58",
"deprecated": false,
"digest": {
"length": 153.0,
"function_hash": "92950249168408824949588827210376077342"
},
"target": {
"function": "LibarchivePlugin::extractionFlags",
"file": "plugins/libarchive/libarchiveplugin.cpp"
},
"id": "CVE-2024-57966-817be60b",
"signature_version": "v1"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"220204647504994727138907679677301311624",
"222038716733348899504575798418846489909",
"229032019905062076456928908007330015070",
"65978093045713843273613591632343073311",
"26735906475720014663809280306154077684",
"73617774723263138499033682547975979456",
"221547668275580750425446489519470341178",
"260338842149791753201417877460226876978",
"224597503903516629171941227306572650715",
"339066316322557546373799136365671747786",
"61825346247672945957102480452548455776"
],
"threshold": 0.9
},
"source": "https://github.com/kde/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58",
"target": {
"file": "plugins/libarchive/libarchiveplugin.cpp"
},
"id": "CVE-2024-57966-bd1f9628"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"332267113243607604279641050664915530879",
"198775865366999714708383753794641788723",
"137190222825344850611546818937876466641"
],
"threshold": 0.9
},
"source": "https://github.com/kde/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58",
"target": {
"file": "autotests/kerfuffle/extracttest.cpp"
},
"id": "CVE-2024-57966-f813b5de"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 15280.0,
"function_hash": "80977258953651137448340464034251151328"
},
"source": "https://github.com/kde/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58",
"target": {
"function": "ExtractTest::testExtraction_data",
"file": "autotests/kerfuffle/extracttest.cpp"
},
"id": "CVE-2024-57966-f85700cc"
}
]
vanir_signatures_modified
"2026-04-12T19:53:18Z"