In the archive manager developed by the KDE project Ark vulnerability (), which allows, when opening a specially designed archive in the application, to overwrite files outside the directory specified for opening the archive. The problem also manifests itself when opening archives in the Dolphin file manager (Extract item in the context menu), which uses the Ark functionality to work with archives. Vulnerability resembles a long-known problem .
Exploitation of the vulnerability comes down to adding paths containing the characters "../" to the archive, during processing of which Ark can go beyond the base directory. For example, using the specified vulnerability, you can overwrite the .bashrc script or place the script in the ~/.config/autostart directory to arrange for your code to run with the privileges of the current user. Checks to issue a warning when there are problematic archives added in the Ark 20.08.0 release. Also available for fix .
Source: opennet.ru
