In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.
Information Disclosure
Ark
Ubuntu Linux
Debian Linux
Fedora
+1
NVD
GitHub
CVSS 3.1
3.3
EPSS
1.5%