CVE-2024-57966

CVSS 3.1 Score 5 of 10 (medium)

Details

Published Feb 3, 2025

Updated: Feb 9, 2025

CWE ID 36

Summary

CVE-2024-57966 is a vulnerability affecting the libarchiveplugin.cpp component in KDE ark prior to version 24.12.0. This issue allows an attacker to extract files from an archive to an absolute path, potentially leading to unintended file modifications or data leakage. An attacker could exploit this by crafting a specially designed archive and persuading the victim to extract its contents, thus gaining control over the target file system. Users are strongly advised to update to the latest version of KDE ark to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

K Dear K

Affected Vendors

K. De

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3BHqlO
https://www.cve.org/CVERecord?id=CVE-2024-57966
https://nvd.nist.gov/vuln/detail/CVE-2024-57966

Back to Vulnerability Database