DEBIAN-CVE-2015-0557

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2015-0557

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2015-0557.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2015-0557

Published

2015-04-08T18:59:04.890Z

Modified

2025-11-14T03:18:31.655945Z

Summary

[none]

Details

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.

References

https://security-tracker.debian.org/tracker/CVE-2015-0557

Affected packages

Debian:11 / arj

Package

Name: arj
Purl: pkg:deb/debian/arj?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.22-13

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / arj

Package

Name: arj
Purl: pkg:deb/debian/arj?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.22-13

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / arj

Package

Name: arj
Purl: pkg:deb/debian/arj?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.22-13

Ecosystem specific

{
    "urgency": "low"
}

Debian:14 / arj

Package

Name: arj
Purl: pkg:deb/debian/arj?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.22-13

Ecosystem specific

{
    "urgency": "low"
}