CVE-2020-11736

Publication date 13 April 2020

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

3.9 · Low

Score breakdown

Description

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

Status

Package Ubuntu Release Status
file-roller 20.04 LTS focal
Fixed 3.36.1-1ubuntu0.1
19.10 eoan
Fixed 3.32.2-1ubuntu0.1
18.04 LTS bionic
Fixed 3.28.0-1ubuntu1.2
16.04 LTS xenial
Fixed 3.16.5-0ubuntu1.4
14.04 LTS trusty Not in release

Severity score breakdown

CVSS version: CVSS v3.0

Base score 3.9 · Low

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

References

Related Ubuntu Security Notices (USN)

    • USN-4332-1
    • File Roller vulnerability
    • 20 April 2020
    • USN-4332-2
    • File Roller vulnerability
    • 27 April 2020

Other references

Access our resources on patching vulnerabilities