Base Score

MEDIUM5

CVE-2024-57966

libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.

VectorLOCAL

Published Bycve@mitre.org

Published DateFeb 03, 2025, 05:15

Weakness Type (CWE):CWE-36

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

LOW

References

https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58
https://github.com/KDE/ark/compare/v24.11.90...v24.12.0
https://lists.debian.org/debian-lts-announce/2025/02/msg00007.html

Base Score

MEDIUM5

Weakness Type (CWE):CWE-36

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

LOW