CVE-2016-7162

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
file_roller_projectfile_roller
3.5.4
file_roller_projectfile_roller
3.6.0
file_roller_projectfile_roller
3.6.1
file_roller_projectfile_roller
3.6.1.1
file_roller_projectfile_roller
3.6.2
file_roller_projectfile_roller
3.6.3
file_roller_projectfile_roller
3.6.4
file_roller_projectfile_roller
3.8.0
file_roller_projectfile_roller
3.8.1
file_roller_projectfile_roller
3.8.2
file_roller_projectfile_roller
3.8.3
file_roller_projectfile_roller
3.9.0
file_roller_projectfile_roller
3.9.1
file_roller_projectfile_roller
3.9.2
file_roller_projectfile_roller
3.9.3
file_roller_projectfile_roller
3.10
file_roller_projectfile_roller
3.15
file_roller_projectfile_roller
3.20
file_roller_projectfile_roller
3.20.1
file_roller_projectfile_roller
3.20.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
file-roller
bullseye
3.38.1-1
fixed
jessie
no-dsa
wheezy
not-affected
bookworm
43.0-1
fixed
sid
44.3-1
fixed
trixie
44.3-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
file-roller
xenial
Fixed 3.16.5-0ubuntu1.2
released
trusty
Fixed 3.10.2.1-0ubuntu4.2
released
precise
not-affected
Common Weakness Enumeration
References
http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news
http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.21/file-roller-3.21.90.news
http://www.openwall.com/lists/oss-security/2016/09/08/4
http://www.securityfocus.com/bid/92896
http://www.ubuntu.com/usn/USN-3074-1
https://bugzilla.gnome.org/show_bug.cgi?id=698554
https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5
http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news
http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.21/file-roller-3.21.90.news
http://www.openwall.com/lists/oss-security/2016/09/08/4
http://www.securityfocus.com/bid/92896
http://www.ubuntu.com/usn/USN-3074-1
https://bugzilla.gnome.org/show_bug.cgi?id=698554
https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5