CVE-2019-16680

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-16680
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16680.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-16680
Downstream
Related
Published
2019-09-21T21:15:10.657Z
Modified
2026-06-25T04:03:07.414782746Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

Database specific 
{
    "unresolved_ranges": [
        {
            "vendor_product": "canonical:ubuntu_linux",
            "extracted_events": [
                {
                    "last_affected": "16.04"
                },
                {
                    "last_affected": "18.04"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"
            ]
        },
        {
            "vendor_product": "debian:debian_linux",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                },
                {
                    "last_affected": "9.0"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "vendor_product": "redhat:enterprise_linux",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                },
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git / gitlab.gnome.org/gnome/file-roller

Affected ranges

Type
GIT
Repo
https://gitlab.gnome.org/gnome/file-roller
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e8fb3e24dae711e4fb0d6777e0016cdda8787bc1
Fixed
57268e51e59b61c9e3125eb0f65551c7084297e2
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.29.91"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:gnome:file-roller:*:*:*:*:*:*:*:*"
}

Affected versions

3.*
3.0.1
3.0.2
3.1.1
3.1.2
3.1.90
3.1.91
3.1.92
3.10.0
3.10.1
3.11.1
3.11.2
3.11.3
3.11.4
3.11.5
3.11.90
3.11.91
3.11.92
3.12.0
3.12.1
3.13.1
3.13.2
3.13.91
3.13.92
3.14.0
3.14.1
3.15.1
3.15.2
3.15.90
3.15.91
3.15.92
3.16.0
3.16.1
3.16.2
3.16.3
3.16.4
3.19.1
3.19.90
3.19.91
3.2.0
3.2.1
3.20.0
3.20.1
3.20.2
3.21.90
3.21.91
3.22.0
3.22.1
3.22.2
3.22.3
3.23.91
3.23.92
3.24.0
3.24.1
3.25.1
3.25.91
3.26.0
3.26.1
3.27.1
3.27.90
3.27.91
3.28.0
3.29.1
3.29.90
3.3.1
3.3.2
3.3.3
3.3.90
3.3.91
3.3.92
3.4.0
3.4.1
3.4.2
3.5.1
3.5.2
3.5.3
3.5.4
3.5.90
3.5.91
3.5.92
3.6.0
3.6.1
3.6.1.1
3.6.2
3.7.1
3.7.2
3.7.3
3.7.90
3.7.91
3.7.92
3.8.0
3.8.1
3.9.1
3.9.2
3.9.3
3.9.4
3.9.90
3.9.91
3.9.92
Other
FILE_ROLLER_2_13_2
FILE_ROLLER_2_13_4
FILE_ROLLER_2_13_90
FILE_ROLLER_2_13_91
FILE_ROLLER_2_13_92
FILE_ROLLER_2_14_0
FILE_ROLLER_2_14_1
FILE_ROLLER_2_14_2
FILE_ROLLER_2_14_3
FILE_ROLLER_2_15_1
FILE_ROLLER_2_15_90
FILE_ROLLER_2_15_91
FILE_ROLLER_2_15_92
FILE_ROLLER_2_15_93
FILE_ROLLER_2_16_0
FILE_ROLLER_2_16_1
FILE_ROLLER_2_17_1
FILE_ROLLER_2_17_2
FILE_ROLLER_2_17_3
FILE_ROLLER_2_17_4
FILE_ROLLER_2_17_5
FILE_ROLLER_2_17_90
FILE_ROLLER_2_17_91
FILE_ROLLER_2_17_92
FILE_ROLLER_2_18_0
FILE_ROLLER_2_19_1
FILE_ROLLER_2_19_2
FILE_ROLLER_2_19_3
FILE_ROLLER_2_19_4
FILE_ROLLER_2_19_90
FILE_ROLLER_2_19_91
FILE_ROLLER_2_19_92
FILE_ROLLER_2_20_0
FILE_ROLLER_2_20_1
FILE_ROLLER_2_20_2
FILE_ROLLER_2_21_1
FILE_ROLLER_2_21_2
FILE_ROLLER_2_21_91
FILE_ROLLER_2_21_92
FILE_ROLLER_2_22_0
FILE_ROLLER_2_23_1
FILE_ROLLER_2_23_2
FILE_ROLLER_2_23_3
FILE_ROLLER_2_23_4
FILE_ROLLER_2_23_5
FILE_ROLLER_2_23_6
FILE_ROLLER_2_23_91
FILE_ROLLER_2_23_92
FILE_ROLLER_2_24_0
FILE_ROLLER_2_24_1
FILE_ROLLER_2_24_2
FILE_ROLLER_2_25_1
FILE_ROLLER_2_25_2
FILE_ROLLER_2_25_90
FILE_ROLLER_2_25_91
FILE_ROLLER_2_25_92
FILE_ROLLER_2_26_0
FILE_ROLLER_2_26_1
FILE_ROLLER_2_27_1
FILE_ROLLER_2_27_2
FILE_ROLLER_2_27_3
FILE_ROLLER_2_27_90
FILE_ROLLER_2_27_91
FILE_ROLLER_2_27_92
FILE_ROLLER_2_28_0
FILE_ROLLER_2_28_1
FILE_ROLLER_2_29_1
FILE_ROLLER_2_29_2
FILE_ROLLER_2_29_3
FILE_ROLLER_2_29_4
FILE_ROLLER_2_29_5
FILE_ROLLER_2_29_90
FILE_ROLLER_2_29_91
FILE_ROLLER_2_29_92
FILE_ROLLER_2_30_0
FILE_ROLLER_2_30_1
FILE_ROLLER_2_30_1_1
FILE_ROLLER_2_31_1
FILE_ROLLER_2_31_2
FILE_ROLLER_2_31_3
FILE_ROLLER_2_31_4
FILE_ROLLER_2_31_5
FILE_ROLLER_2_31_90
FILE_ROLLER_2_31_91
FILE_ROLLER_2_31_92
FILE_ROLLER_2_32_0
FILE_ROLLER_2_4_0_1
FILE_ROLLER_2_91_0
FILE_ROLLER_2_91_1
FILE_ROLLER_2_91_2
FILE_ROLLER_2_91_3
FILE_ROLLER_2_91_4
FILE_ROLLER_2_91_5
FILE_ROLLER_2_91_6
FILE_ROLLER_2_91_90
FILE_ROLLER_2_91_91
FILE_ROLLER_2_91_92
FILE_ROLLER_2_91_93
FILE_ROLLER_3_0_0
start

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16680.json"