VULHUB ™

PKZip is prone to a security vulnerability when unpacking .tar archives. The problem is in the handling of pathnames. By specifying a path for an archived item which points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem. An attacker may take advantage of this vulnerability to cause malicious files to be placed anywhere on a target filesystem. This issue was reported in PKZip for Microsoft Windows platforms. It is not known if other platforms are also affected.

PKZip is prone to a security vulnerability when unpacking .tar archives. The problem is in the handling of pathnames. By specifying a path for an archived item which points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem. An attacker may take advantage of this vulnerability to cause malicious files to be placed anywhere on a target filesystem. This issue was reported in PKZip for Microsoft Windows platforms. It is not known if other platforms are also affected.