Vulnerability Description
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kde | Okular | <= 18.08 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://bugs.kde.org/show_bug.cgi?id=398096ExploitIssue TrackingPatch
- https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/09/msg00027.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/201811-08Third Party Advisory
- https://www.debian.org/security/2018/dsa-4303Third Party Advisory
- https://bugs.kde.org/show_bug.cgi?id=398096ExploitIssue TrackingPatch
- https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/09/msg00027.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/201811-08Third Party Advisory
- https://www.debian.org/security/2018/dsa-4303Third Party Advisory
FAQ
What is CVE-2018-1000801?
CVE-2018-1000801 is a vulnerability with a CVSS score of 5.5 (MEDIUM). okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user wor...
How severe is CVE-2018-1000801?
CVE-2018-1000801 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000801?
Check the references section above for vendor advisories and patch information. Affected products include: Kde Okular, Debian Debian Linux.