File Roller GNOME File Roller

stack.watch can notify you when security vulnerabilities are reported in GNOME File Roller. You can add multiple products that you use with File Roller to create your own personal software stack watcher.

By the Year

In 2020 there have been 1 vulnerability in GNOME File Roller with an average score of 3.9 out of ten. Last year File Roller had 1 security vulnerability published. At the current rates, it appears that the number of vulerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 0.40

Year Vulnerabilities Average Score
2020 1 3.90
2019 1 4.30
2018 0 0.00

It may take a day or so for new File Roller vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest GNOME File Roller Security Vulnerabilities

fr-archive-libarchive.c in GNOME file-roller through 3.36.1

CVE-2020-11736 3.9 - Low - April 13, 2020

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

Directory traversal

An issue was discovered in GNOME file-roller before 3.29.91

CVE-2019-16680 4.3 - Medium - September 21, 2019

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

Directory traversal