N/A

okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1

N/A

N/A

okular 路径遍历漏洞

okular是KDE社区开发的一款通用文档查看器，它支持查看PDF、Postscript、DjVu和CHM等格式文档。 okular 18.08及之前版本中的core/document.cpp文件的‘unpackDocumentArchive(...)’函数存在目录遍历漏洞。攻击者可借助特制的Okular归档文件利用该漏洞在用户工作站上创建任意文件。

N/A

N/A