Home

CVE-2018-1000801

Description

okular version 18.08 and earlier contains a Directory Traversal vulnerability in function unpackDocumentArchive(...) in core/document.cpp that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
2.182

Associated Vulnerability

VulnerabilityOS Platform
okular security update(DSA-4303-1) okular_16.08.2-1+deb9u1_i386.debLinux
okular security update(DSA-4303-1) okular_16.08.2-1+deb9u1_amd64.debLinux
(RHSA-2020:1173) okular security update okular-4.10.5-8.el7.x86_64.rpmLinux
(RHSA-2020:1173) okular security update okular-devel-4.10.5-8.el7.i686.rpmLinux
(RHSA-2020:1173) okular security update okular-devel-4.10.5-8.el7.x86_64.rpmLinux
(RHSA-2020:1173) okular security update okular-libs-4.10.5-8.el7.i686.rpmLinux
(RHSA-2020:1173) okular security update okular-libs-4.10.5-8.el7.x86_64.rpmLinux
(RHSA-2020:1173) okular security update okular-part-4.10.5-8.el7.x86_64.rpmLinux
(CESA-2020:1173) okular security update okular-4.10.5-8.el7.x86_64.rpmLinux
(CESA-2020:1173) okular security update okular-devel-4.10.5-8.el7.x86_64.rpmLinux
(CESA-2020:1173) okular security update okular-libs-4.10.5-8.el7.x86_64.rpmLinux
(CESA-2020:1173) okular security update okular-part-4.10.5-8.el7.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234