Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.
{ "availability": "No subscription required", "binaries": [ { "libgnome-autoar-gtk-0-dev": "0.2.3-1ubuntu0.1", "libgnome-autoar-0-dev": "0.2.3-1ubuntu0.1", "gir1.2-gnomeautoargtk-0.1": "0.2.3-1ubuntu0.1", "libgnome-autoar-gtk-0-0": "0.2.3-1ubuntu0.1", "libgnome-autoar-doc": "0.2.3-1ubuntu0.1", "libgnome-autoar-gtk-0-0-dbgsym": "0.2.3-1ubuntu0.1", "libgnome-autoar-0-0-dbgsym": "0.2.3-1ubuntu0.1", "libgnome-autoar-0-0": "0.2.3-1ubuntu0.1", "gir1.2-gnomeautoar-0.1": "0.2.3-1ubuntu0.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "libgnome-autoar-gtk-0-dev": "0.2.3-2ubuntu0.1", "libgnome-autoar-0-dev": "0.2.3-2ubuntu0.1", "gir1.2-gnomeautoargtk-0.1": "0.2.3-2ubuntu0.1", "libgnome-autoar-gtk-0-0": "0.2.3-2ubuntu0.1", "libgnome-autoar-doc": "0.2.3-2ubuntu0.1", "libgnome-autoar-gtk-0-0-dbgsym": "0.2.3-2ubuntu0.1", "libgnome-autoar-0-0-dbgsym": "0.2.3-2ubuntu0.1", "libgnome-autoar-0-0": "0.2.3-2ubuntu0.1", "gir1.2-gnomeautoar-0.1": "0.2.3-2ubuntu0.1" } ] }