{"id":"USN-4461-1","summary":"ark vulnerability","details":"Dominik Penner discovered that Ark did not properly sanitize zip archive\nfiles before performing extraction. An attacker could use this to construct\na malicious zip archive that, when opened, would create files outside the\nextraction directory.\n","modified":"2026-02-10T04:41:54Z","published":"2020-08-18T04:13:22Z","related":["UBUNTU-CVE-2020-16116"],"upstream":["CVE-2020-16116","UBUNTU-CVE-2020-16116"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4461-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-16116"}],"affected":[{"package":{"name":"ark","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/ark@4:17.12.3-0ubuntu1.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:17.12.3-0ubuntu1.1"}]}],"versions":["4:17.04.3-0ubuntu3","4:17.08.3-0ubuntu1","4:17.08.3-0ubuntu2","4:17.12.2-0ubuntu1","4:17.12.3-0ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"4:17.12.3-0ubuntu1.1","binary_name":"ark"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4461-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-16116"}],"ecosystem":"Ubuntu:18.04:LTS"}}},{"package":{"name":"ark","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/ark@4:19.12.3-0ubuntu1.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:19.12.3-0ubuntu1.1"}]}],"versions":["4:19.04.3-0ubuntu2","4:19.08.1-1","4:19.08.3-0ubuntu1","4:19.12.0-0ubuntu1","4:19.12.0-1","4:19.12.1-0ubuntu1","4:19.12.2-0ubuntu1","4:19.12.3-0ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"4:19.12.3-0ubuntu1.1","binary_name":"ark"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4461-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-16116"}],"ecosystem":"Ubuntu:20.04:LTS"}}}],"schema_version":"1.7.3"}