CVE-2020-16116

Description

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

Link	Tags
https://github.com/KDE/ark/commits/master	third party advisory release notes
https://www.debian.org/security/2020/dsa-4738	third party advisory
https://kde.org/info/security/advisory-20200730-1.txt	vendor advisory
https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f	patch vendor advisory
https://security.gentoo.org/glsa/202008-03	third party advisory vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYRKQKUVU45ANH5TFYCYZN6HVP34N3UL/	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00023.html	mailing list third party advisory vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMVXSQNCBILVSJLX32ODNU6KUY2X7HRM/	vendor advisory
https://usn.ubuntu.com/4461-1/	third party advisory patch vendor advisory
https://lists.debian.org/debian-lts-announce/2022/05/msg00026.html	third party advisory mailing list

What is the severity of CVE-2020-16116?: CVE-2020-16116 has been scored as a low severity vulnerability.
How to fix CVE-2020-16116?: To fix CVE-2020-16116, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-16116 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2020-16116 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.