CVE-2020-16116

NameCVE-2020-16116
DescriptionIn kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can ...
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-4738-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ark (PTS)stretch4:16.08.3-2vulnerable
buster4:18.08.3-1vulnerable
buster (security)4:18.08.3-1+deb10u1fixed
bullseye4:20.04.0-1vulnerable
sid4:20.04.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
arksourcebuster4:18.08.3-1+deb10u1DSA-4738-1
arksource(unstable)4:20.04.3-1

Notes

https://kde.org/info/security/advisory-20200730-1.txt
https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f

Search for package or bug name: Reporting problems