VULHUB ™

Speedproject SpeedCommander does not properly display '../' sequences contained in paths for .tar archives. When an archive is displayed to the user, any '../' sequences are displayed as '___'. This could allow a user to believe that the extraction path is legitimate and distribute or pass along a malicious .tar archive.

Speedproject SpeedCommander does not properly display '../' sequences contained in paths for .tar archives. When an archive is displayed to the user, any '../' sequences are displayed as '___'. This could allow a user to believe that the extraction path is legitimate and distribute or pass along a malicious .tar archive.