Okular is vulnerable to a directory traversal attack.
Package | kde-apps/okular on all architectures |
---|---|
Affected versions | < 18.04.3-r1 |
Unaffected versions | >= 18.04.3-r1 |
Okular is a universal document viewer based on KPDF for KDE 4.
It was discovered that Okular contains a Directory Traversal vulnerability in function unpackDocumentArchive() in core/document.cpp.
A remote attacker could entice a user to open a specially crafted Okular archive, possibly allowing the writing of arbitrary files with the privileges of the process.
There is no known workaround at this time.
All Okular users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=kde-apps/okular-18.04.3-r1"
Release date
November 10, 2018
Latest revision
November 10, 2018: 1
Severity
normal
Exploitable
remote
Bugzilla entries