CVE 2020-24654
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
See the
CVE page on Mitre.org
for more details.