Okular is vulnerable to a directory traversal attack.
|Package||kde-apps/okular on all architectures|
|Affected versions||< 18.04.3-r1|
|Unaffected versions||>= 18.04.3-r1|
Okular is a universal document viewer based on KPDF for KDE 4.
It was discovered that Okular contains a Directory Traversal vulnerability in function unpackDocumentArchive() in core/document.cpp.
A remote attacker could entice a user to open a specially crafted Okular archive, possibly allowing the writing of arbitrary files with the privileges of the process.
There is no known workaround at this time.
All Okular users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=kde-apps/okular-18.04.3-r1"
November 10, 2018
November 10, 2018: 1