CVE-2018-1000801

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1000801
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000801.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1000801
Related
Published
2018-09-06T18:29:00Z
Modified
2025-02-14T10:19:59.478792Z
Downstream
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
[none]
Details

Okular version 18.08 and earlier contains a directory traversal vulnerability in the function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in arbitrary file creation on the user's workstation. The attack appears to be exploitable when the victim opens a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1.

References

Affected packages

Debian:11 / okular

Package

Name
okular
Purl
pkg:deb/debian/okular?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4:17.12.2-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / okular

Package

Name
okular
Purl
pkg:deb/debian/okular?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4:17.12.2-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / okular

Package

Name
okular
Purl
pkg:deb/debian/okular?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4:17.12.2-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kde/okular

Affected ranges

Type
GIT
Repo
https://github.com/kde/okular
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v14.*

v14.11.80
v14.11.90
v14.11.95
v14.11.97
v14.12.0
v14.12.1
v14.12.2
v14.12.3

v15.*

v15.03.80
v15.03.90
v15.03.95
v15.03.97
v15.04.0
v15.04.1
v15.07.80
v15.07.90
v15.08.0
v15.08.1
v15.08.2
v15.11.80
v15.11.90
v15.12.0
v15.12.1

v16.*

v16.03.80
v16.03.90
v16.04.0
v16.04.1
v16.04.2
v16.04.3
v16.07.80
v16.07.90
v16.08.0
v16.08.1
v16.08.2
v16.08.3
v16.11.80
v16.11.90
v16.12.0
v16.12.1
v16.12.2
v16.12.3

v17.*

v17.03.80
v17.03.90
v17.04.0
v17.04.1
v17.04.2
v17.04.3
v17.07.80
v17.07.90
v17.08.0
v17.08.1
v17.08.2
v17.11.80
v17.11.90
v17.12.0
v17.12.1
v17.12.2

v18.*

v18.03.80
v18.03.90
v18.04.0
v18.04.1
v18.04.2
v18.04.3
v18.07.80
v18.07.90
v18.08.0

v3.*

v3.2.0
v3.3.0
v3.3.2
v3.4.0-beta1
v3.4.0-beta2
v3.90.1
v3.91.0
v3.92.0
v3.93.0
v3.94.0
v3.95.0
v3.96.0
v3.97.0

v4.*

v4.0.0
v4.0.71
v4.0.80
v4.0.83
v4.0.98
v4.1.80
v4.1.85
v4.10.0
v4.10.1
v4.10.2
v4.10.3
v4.10.4
v4.10.5
v4.10.80
v4.10.90
v4.10.95
v4.10.97
v4.11.0
v4.11.1
v4.11.2
v4.11.3
v4.11.4
v4.11.80
v4.11.90
v4.11.95
v4.11.97
v4.12.0
v4.12.1
v4.12.2
v4.12.3
v4.12.4
v4.12.5
v4.12.80
v4.12.90
v4.12.95
v4.12.97
v4.13.0
v4.13.1
v4.13.2
v4.13.3
v4.13.80
v4.13.90
v4.13.95
v4.13.97
v4.14.0
v4.14.1
v4.14.2
v4.14.3
v4.2.85
v4.2.90
v4.2.95
v4.3.80
v4.3.85
v4.3.90
v4.4.80
v4.4.85
v4.4.90
v4.5.80
v4.5.85
v4.5.90
v4.6.80
v4.6.90
v4.6.95
v4.7.80
v4.7.90
v4.7.95
v4.7.97
v4.8.0
v4.8.1
v4.8.2
v4.8.80
v4.8.90
v4.8.95
v4.8.97
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v4.9.4
v4.9.80
v4.9.90
v4.9.95
v4.9.97
v4.9.98